Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Inactive Malware Help Topics

Firefox New tab search hijack+slow startup

This is a discussion on Firefox New tab search hijack+slow startup within the Inactive Malware Help Topics forums, part of the Tech Support Forum category. Originally Posted by Veke When I open a blank new tab in Firefox, after 10 seconds or so, if I


 
 
Thread Tools Search this Thread
Old 03-23-2013, 03:22 AM   #1
Registered Member
 
Join Date: Sep 2008
Posts: 26
OS: Windows XP Service Pack 3



Quote:
Originally Posted by Veke View Post
When I open a blank new tab in Firefox, after 10 seconds or so, if I don't go to any site, it redirects to: http://websearch.helpmefindyour.info/

I cleared cookies (it was there), scanned with SUPERAntiSpyware(which also found it) but it keeps coming back every time I open a new tab.
I've also noticed my PC is somewhat slower to start up than usual.

Here are the logs.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 10.17.2
Run by Yleinen at 12:11:27 on 2013-03-23
Microsoft Windows XP Home Edition 5.1.2600.3.1252.358.1035.18.3263.2025 [GMT 2:00]
.
AV: AVG Internet Security 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2013 *Enabled*
FW: AVG Firewall *Disabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\cFosSpeed\spd.exe
C:\Program Files\Hamachi\hamachi-2.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe
C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe
C:\Program Files\Hamachi\hamachi-2-ui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Java\jre7\bin\javaw.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://websearch.helpmefindyour.info/?pid=798&r=2013/03/21&hid=3317967932&lg=EN&cc=FI
uURLSearchHooks: Winamp Search Class: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} -
mURLSearchHooks: Winamp Search Class: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} -
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Winamp Toolbar Loader: {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} -
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\14.2.0.1\AVG Secure Search_toolbar.dll
BHO: Search-NewTaab: {BFCB0C79-E662-9EC1-4F9C-E53BAA875968} - c:\documents and settings\all users\application data\search-newtaab\514b4a9c85ffc.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Winamp Toolbar: {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} -
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: Winamp Toolbar: {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} -
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\14.2.0.1\AVG Secure Search_toolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 52\axcmd.exe" /automount
uRun: [WindowsLivePhone] "c:\program files\windows live\device manager\msgrdvmn.exe" /AutoRun
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [Steam] "i:\steami\steam.exe" -silent
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [CAPON] c:\windows\system32\spool\drivers\w32x86\3\CAPONN.EXE
mRun: [OCDLMgr] RunDll32.exe c:\progra~1\flstud~1\openca~1\OCSETU~1.DLL,_MgrCheck@16
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
mRun: [3170 Scan2PC] "c:\windows\twain_32\samsung\clx3170\Scan2pc.exe"
mRun: [WindowsLivePhone] c:\program files\windows live\device manager\msgrdvmn.exe /AutoRun
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [Launch LCore] c:\program files\logitech gaming software\LCore.exe /minimized
mRun: [LogMeIn Hamachi Ui] "c:\program files\hamachi\hamachi-2-ui.exe" --auto-start
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
dRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: &Winamp Search - c:\documents and settings\all users\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: SmarThru4 Capture Selection - c:\program files\smarthru 4\WebCapture.dll2.htm
IE: SmarThru4 Save as HTML - c:\program files\smarthru 4\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files\smarthru 4\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files\smarthru 4\WebCapture.dll
IE: Vie Microsoft E&xceliin - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1239653083687
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 62.240.64.97 62.240.64.135
TCP: Interfaces\{C335B51A-9338-4D1F-B699-8927161802C6} : DHCPNameServer = 62.240.64.97 62.240.64.135
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\14.2.0\ViProtocol.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
AppInit_DLLs= c:\progra~1\websea~1\sprote~1.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\yleinen\application data\mozilla\firefox\profiles\1w3a7a95.default\
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.helpmefindyour.info/?pid=798&r=2013/03/21&hid=3317967932&lg=EN&cc=FI&l=1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://websearch.helpmefindyour.info/?pid=798&r=2013/03/21&hid=3317967932&lg=EN&cc=FI&l=1&q=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
FF - component: c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll
FF - plugin: c:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\14.2.0\npsitesafety.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2013-03-21 19:59; bautpfp@wwa-cxgq.com; c:\documents and settings\yleinen\application data\mozilla\firefox\profiles\1w3a7a95.default\extensions\bautpfp@wwa-cxgq.com
FF - ExtSQL: 2013-03-21 19:59; axjxauiu@uoofaau-.org; c:\documents and settings\yleinen\application data\mozilla\firefox\profiles\1w3a7a95.default\extensions\axjxauiu@uoofaau-.org
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-10-15 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-10-5 94048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-10-22 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 164832]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-1-19 33112]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-3-23 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-7-2 116608]
R2 avgfws;AVG Firewall;c:\program files\avg\avg2013\avgfws.exe [2012-12-10 1342024]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-15 5814904]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\hamachi\hamachi-2.exe [2012-12-10 1435568]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2010-7-1 10384]
R2 RapidPort;RapidPort;c:\windows\system32\drivers\CAPLPTN.SYS [2009-5-11 22912]
R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\14.2.0\ToolbarUpdater.exe [2013-3-18 968880]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2012-1-12 30944]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\drivers\vrtaucbl.sys [2011-6-21 61096]
R3 fdrawcmd;Low-level Floppy Driver;c:\windows\system32\drivers\fdrawcmd.sys [2008-11-3 27544]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2009-6-17 40720]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2012-10-9 19720]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\drivers\LGSHidFilt.Sys [2012-10-9 42008]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2009-6-17 10384]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2009-12-31 28672]
R4 d344bus;d344bus;c:\windows\system32\drivers\d344bus.sys --> c:\windows\system32\drivers\d344bus.sys [?]
R4 d344prt;d344prt;c:\windows\system32\drivers\d344prt.sys --> c:\windows\system32\drivers\d344prt.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2012-1-12 30944]
S3 bDMusicb;bDMusicb;c:\docume~1\yleinen\locals~1\temp\bDMusicb.sys [2003-6-1 31744]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2012-10-9 14856]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 12872]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
FileExt: .reg: regfile="regedit.exe" "%1"
.
=============== Created Last 30 ================
.
2013-03-22 09:08:55 -------- d-----w- c:\documents and settings\yleinen\application data\NCdownloader
2013-03-21 17:26:40 -------- d-----w- c:\documents and settings\all users\application data\Search-NewTaab
2013-03-21 17:26:29 -------- d-----w- c:\program files\WebSearch
2013-03-21 17:26:10 -------- d-----w- c:\program files\BrowseToSave
2013-03-21 17:26:07 -------- d-----w- c:\documents and settings\all users\application data\BRowse2save
2013-03-21 17:25:49 -------- d-----w- c:\windows\system32\X86
2013-03-21 17:25:49 -------- d-----w- c:\windows\system32\AMD64
2013-03-21 17:24:19 -------- d-----w- c:\documents and settings\all users\application data\SoftSafe
2013-03-21 17:23:20 -------- d-----w- c:\documents and settings\all users\application data\InstallMate
2013-03-19 18:26:40 -------- d-----w- C:\Fraps
2013-03-19 16:56:00 -------- d-----w- c:\documents and settings\all users\Kynnist-valikko
2013-03-19 16:55:51 -------- d-----w- c:\program files\common files\Steam
2013-03-15 16:00:04 156960 ----a-w- c:\windows\system32\nvsvc32.exe
2013-03-15 16:00:04 144160 ----a-w- c:\windows\system32\nvcolor.exe
2013-03-15 16:00:00 223008 ----a-w- c:\windows\system32\nvmctray.dll
2013-03-15 16:00:00 15664416 ----a-w- c:\windows\system32\nvcpl.dll
2013-03-15 15:59:57 54272 ----a-w- c:\windows\system32\nvwddi.dll
2013-03-15 15:58:56 65536 ----a-w- c:\windows\system32\OpenCL.dll
2013-03-15 15:48:07 10707360 -c--a-w- c:\windows\system32\dllcache\nv4_mini.sys
2013-03-15 15:48:07 10707360 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2013-03-15 15:44:23 19685376 ----a-w- c:\windows\system32\nvoglnt.dll
2013-03-15 15:44:22 892704 ----a-w- c:\windows\system32\nvdispgenco3220162.dll
2013-03-15 15:44:21 7749632 ----a-w- c:\windows\system32\nvcuda.dll
2013-03-15 15:44:21 2731296 ----a-w- c:\windows\system32\nvcuvid.dll
2013-03-15 15:44:21 1990944 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-03-15 15:44:21 1012512 ----a-w- c:\windows\system32\nvdispco3220294.dll
2013-03-15 15:44:15 2481664 ----a-w- c:\windows\system32\nvapi.dll
2013-03-15 15:44:15 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
2013-03-14 13:13:30 -------- d-----w- c:\program files\common files\PCSuite
2013-03-14 13:11:37 19072 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2013-03-14 13:11:25 -------- d-----w- c:\program files\PC Connectivity Solution
2013-03-14 13:10:18 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2013-03-14 13:10:17 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2013-03-14 13:10:16 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2013-03-14 13:10:15 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2013-03-14 13:10:14 605696 ----a-w- c:\windows\system32\nmwcdcocls.dll
2013-03-14 13:10:12 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2013-03-14 13:10:10 123904 ----a-w- c:\windows\system32\ccdcmbwu.dll
2013-03-14 13:05:17 -------- d-sh--w- c:\documents and settings\yleinen\Phone Browser
2013-03-13 17:27:14 263186 ----a-w- c:\documents and settings\yleinen\application data\microsoft\internet explorer\quick launch\Minecraft.exe
2013-03-08 20:44:34 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-08 10:41:59 3540480 ----a-w- c:\program files\mozilla firefox\dolphin\plugins\Plugin_VideoOGL.dll
2013-03-07 14:05:24 -------- d-----w- c:\program files\MyDefrag v4.3.1
2013-02-28 13:25:58 -------- d-----w- c:\documents and settings\yleinen\application data\AVG
2013-02-28 13:25:03 -------- d-----w- c:\documents and settings\all users\application data\AVG
2013-02-28 13:23:25 -------- d-sh--w- c:\documents and settings\all users\application data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
.
==================== Find3M ====================
.
2013-03-18 18:05:42 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-03-18 14:13:28 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-18 14:13:28 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-15 15:58:54 1079188 ----a-w- c:\windows\system32\nvdrsdb0.bin
2013-03-15 15:58:54 1 ----a-w- c:\windows\system32\nvdrssel.bin
2013-03-15 15:58:37 1079188 ----a-w- c:\windows\system32\nvdrsdb1.bin
2013-03-08 20:43:57 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-08 20:43:56 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-08 20:43:55 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-03 10:00:22 1734 --sha-w- c:\documents and settings\all users\application data\KGyGaAvL.sys
2013-03-02 13:39:00 98304 ----a-w- c:\windows\DUMPb8c0.tmp
2013-02-28 14:46:14 0 ----a-w- c:\documents and settings\yleinen\ntuser.tmp
2013-02-20 14:56:23 98304 ----a-w- c:\windows\DUMPd0ec.tmp
2013-02-10 03:20:28 6070272 ----a-w- c:\windows\system32\nvopencl.dll
2013-02-10 03:20:28 4078976 ----a-w- c:\windows\system32\nv4_disp.dll
2013-01-31 21:41:34 98304 ----a-w- c:\windows\DUMPb72a.tmp
2009-04-10 19:49:26 272176 ----a-w- c:\program files\utorrent.exe
.
============= FINISH: 12:19:53,15 ===============

ARK.txt and attach.txt attached.

Thank you in advance.
Attached Files
File Type: txt ARK.txt (4.2 KB, 24 views)
File Type: txt attach.txt (52.3 KB, 25 views)

__________________
Veke is offline  
Old 03-24-2013, 08:33 PM   #2
Security Team
Analyst
 
jeffce's Avatar

Microsoft Most Valuable Professional
 
Join Date: Feb 2011
Location: USA
Posts: 2,322
OS: Vista and Ubuntu



Hi and Welcome!!

My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.


Having said that.... Let's get going!!
----------

Please download aswMBR to your desktop.
  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and attach its contents in your next reply.


Click the image to enlarge it

AdwCleaner
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

__________________



Microsoft MVP - Consumer Security 2014
Topics are closed if you do not respond within 3 days.
If I am working with you and have not responded in a couple of days please PM me.
jeffce is offline  
Old 03-25-2013, 04:32 AM   #3
Registered Member
 
Join Date: Sep 2008
Posts: 26
OS: Windows XP Service Pack 3



Hello.

Here are the contents of AdwCleaner[S1].txt. aswMBR.txt is attached.

# AdwCleaner v2.115 - Logfile created 03/25/2013 at 13:02:52
# Updated 17/03/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Yleinen - NUORTIMO
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Yleinen\Omat tiedostot\Lataukset\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
File Deleted : C:\Documents and Settings\Yleinen\Application Data\Mozilla\Firefox\Profiles\1w3a7a95.default\searchplugins\Askcom.xml
File Deleted : C:\Documents and Settings\Yleinen\Application Data\Mozilla\Firefox\Profiles\1w3a7a95.default\searchplugins\WebSearch.xml
File Deleted : C:\Program Files\Mozilla FireFox\Components\AskHPRFF.js
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Browse2save
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
Folder Deleted : C:\Documents and Settings\Yleinen\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Yleinen\Application Data\Mozilla\Firefox\Profiles\1w3a7a95.default\WinampToolbarData
Folder Deleted : C:\Documents and Settings\Yleinen\Application Data\NCdownloader
Folder Deleted : C:\Documents and Settings\Yleinen\Application Data\OpenCandy
Folder Deleted : C:\Documents and Settings\Yleinen\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Yleinen\Local Settings\Application Data\AVG Security Toolbar
Folder Deleted : C:\Documents and Settings\Yleinen\Local Settings\Application Data\Winamp Toolbar
Folder Deleted : C:\Program Files\AVG Secure Search

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKCU\Software\Winamp Toolbar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\winamptbServer.exe
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EF4E91D-DDD5-4478-BCA7-DA04435934C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{841FD004-57A2-4B49-BBDB-5897394619DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B38D6EDE-390B-4620-8365-29E16459EBDA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F20F11FD-203E-45A9-B7BB-AFC1B4FEA7A6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE178B09-C8AA-4734-804D-1849BCCA0C29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{538CD77C-BFDD-49B0-9562-77419CAB89D1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.Downloader
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.Downloader.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Winamp Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\Winamp Toolbar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Deleted : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [1]

***** [Internet Browsers] *****

-\\ Internet Explorer v6.0.2900.5512

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.helpmefindyour.info/?pid=798&r=2013/03/21&hid=3317967932&lg=EN&cc=FI --> hxxp://www.google.com

-\\ Mozilla Firefox v19.0.2 (fi)

File : C:\Documents and Settings\Yleinen\Application Data\Mozilla\Firefox\Profiles\1w3a7a95.default\prefs.js

C:\Documents and Settings\Yleinen\Application Data\Mozilla\Firefox\Profiles\1w3a7a95.default\user.js ... Deleted !

Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Deleted : user_pref("aol_toolbar.default.search.check", false);
Deleted : user_pref("avg.install.installDirPath", "C:\\Documents and Settings\\All Users\\Application Data\\AV[...]
Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.helpmefindyour.info/?pid=798&r=2013/03/21&h[...]
Deleted : user_pref("browser.search.order.1", "WebSearch");
Deleted : user_pref("browser.search.order.1,S", "WebSearch");
Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
Deleted : user_pref("extensions.514b4a73c0654.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]
Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Deleted : user_pref("keyword.URL", "hxxp://websearch.helpmefindyour.info/?pid=798&r=2013/03/21&hid=3317967932&[...]
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Yleinen\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.167] : homepage = "hxxp://websearch.helpmefindyour.info/?pid=798&r=2013/03/21&hid=3317967932&lg=EN&cc=FI"[...]

-\\ Opera v12.2.1578.0

File : C:\Documents and Settings\Yleinen\Application Data\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [12154 octets] - [25/03/2013 13:02:52]

########## EOF - C:\AdwCleaner[S1].txt - [12215 octets] ##########
Attached Files
File Type: txt aswMBR.txt (2.1 KB, 18 views)
__________________
Veke is offline  
Old 03-25-2013, 04:55 AM   #4
Security Team
Analyst
 
jeffce's Avatar

Microsoft Most Valuable Professional
 
Join Date: Feb 2011
Location: USA
Posts: 2,322
OS: Vista and Ubuntu



Hi,

Please download TDSSKiller
  • Double click TDSSKiller.exe
  • Press Start Scan
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Do Not Attempt To Fix Anything Now. We just need to look over the report and be sure we are removing the correct items.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)
__________________



Microsoft MVP - Consumer Security 2014
Topics are closed if you do not respond within 3 days.
If I am working with you and have not responded in a couple of days please PM me.
jeffce is offline  
Old 03-25-2013, 05:45 AM   #5
Registered Member
 
Join Date: Sep 2008
Posts: 26
OS: Windows XP Service Pack 3



Hi.

I have attached the log.

I don't know if it's of any use to know, but I should correct that the PC is slowed down overall, not just during startup. The sound stutters constantly and programs start and run slower. There now also appears to be some sort of adware that shows some words on various sites as ad links, in addition to the ad search on opening a new tab which I already mentioned.
Attached Files
File Type: txt TDSSKiller.2.8.16.0_25.03.2013_14.40.47_log.txt (104.4 KB, 19 views)
__________________
Veke is offline  
Old 03-25-2013, 10:24 AM   #6
Security Team
Analyst
 
jeffce's Avatar

Microsoft Most Valuable Professional
 
Join Date: Feb 2011
Location: USA
Posts: 2,322
OS: Vista and Ubuntu



Thanks for letting me know.

Please read through these instructions to familarize yourself with what to expect when this tool runs

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
4. If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.
----------
__________________



Microsoft MVP - Consumer Security 2014
Topics are closed if you do not respond within 3 days.
If I am working with you and have not responded in a couple of days please PM me.
jeffce is offline  
Old 03-26-2013, 03:06 AM   #7
Registered Member
 
Join Date: Sep 2008
Posts: 26
OS: Windows XP Service Pack 3



Hey.

Done with that, combofix.txt is attached. For now, the new tab redirecting malware seems to persist, despite there apparently having been some kind of other search hijack detected, as seen in that log.
Attached Files
File Type: txt ComboFix.txt (32.0 KB, 26 views)
__________________
Veke is offline  
Old 03-26-2013, 08:20 AM   #8
Security Team
Analyst
 
jeffce's Avatar

Microsoft Most Valuable Professional
 
Join Date: Feb 2011
Location: USA
Posts: 2,322
OS: Vista and Ubuntu



Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :dir
    c:\documents and settings\Järjestelmänvalvoja /s
    c:\documents and settings\All Users\Kynnist-valikko /s
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
__________________



Microsoft MVP - Consumer Security 2014
Topics are closed if you do not respond within 3 days.
If I am working with you and have not responded in a couple of days please PM me.
jeffce is offline  
Old 03-26-2013, 09:11 AM   #9
Registered Member
 
Join Date: Sep 2008
Posts: 26
OS: Windows XP Service Pack 3



SystemLook 30.07.11 by jpshortstuff
Log created at 18:10 on 26/03/2013 by Yleinen
Administrator - Elevation successful

========== dir ==========

c:\documents and settings\Järjestelmänvalvoja - Parameters: "/s"

---Files---
NTUSER.DAT --ah--- 786432 bytes [13:49 23/03/2013] [14:00 23/03/2013]
NTUSER.DAT.LOG --ah--- 1024 bytes [13:49 23/03/2013] [13:48 26/03/2013]
ntuser.ini --ahs-- 188 bytes [13:49 23/03/2013] [14:00 23/03/2013]

c:\documents and settings\Järjestelmänvalvoja\Application Data dr-h--- [13:49 23/03/2013]
desktop.ini --ahs-- 62 bytes [13:49 23/03/2013] [23:10 12/04/2009]

c:\documents and settings\Järjestelmänvalvoja\Application Data\Macromedia d------ [13:49 23/03/2013]

c:\documents and settings\Järjestelmänvalvoja\Application Data\Macromedia\Flash Player d------ [13:49 23/03/2013]

c:\documents and settings\Järjestelmänvalvoja\Application Data\Macromedia\Flash Player\Adobe d------ [13:49 23/03/2013]

c:\documents and settings\Järjestelmänvalvoja\Application Data\Macromedia\Flash Player\www.macromedia.com\bin d------ [13:49 23/03/2013]

c:\documents and settings\Järjestelmänvalvoja\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller d------ [13:49 23/03/2013]
airappinstaller.exe --a---- 38784 bytes [13:49 23/03/2013] [08:28 06/08/2011]
digest.s --a---- 2836 bytes [13:49 23/03/2013] [08:28 06/08/2011]

c:\documents and settings\Järjestelmänvalvoja\Application Data\Microsoft d---s-- [13:49 23/03/2013]

c:\documents and settings\Järjestelmänvalvoja\Application Data\Microsoft\Credentials d---s-- [13:49 23/03/2013]

c:\documents and settings\Järjestelmänvalvoja\Application Data\Microsoft\Credentials\S-1-5-21-746137067-287218729-682003330-500 d---s-- [13:49 23/03/2013]

c:\documents and settings\Järjestelmänvalvoja\Application Data\Microsoft\Internet Explorer d------ [13:49 23/03/2013]
brndlog.bak --a---- 113 bytes [13:49 23/03/2013] [17:10 13/04/2009]
brndlog.txt --a---- 141 bytes [13:49 23/03/2013] [17:10 13/04/2009]

c:\documents and settings\Järjestelmänvalvoja\Application Data\Microsoft\SystemCertificates d---s-- [13:49 23/03/2013]

c:\documents and settings\Järjestelmänvalvoja\Application Data\Microsoft\SystemCertificates\My d---s-- [13:49 23/03/2013]

c:\documents and settings\Järjestelmänvalvoja\Application Data\Microsoft\SystemCertificates\My\Certificates d---s-- [13:49 23/03/2013]

c:\documents and settings\Järjestelmänvalvoja\Application Data\Microsoft\SystemCertificates\My\CRLs d---s-- [13:49 23/03/2013]

c:\documents and settings\Järjestelmänvalvoja\Application Data\Microsoft\SystemCertificates\My\CTLs d---s-- [13:49 23/03/2013]

c:\documents and settings\Järjestelmänvalvoja\Application Data\TuneUp Software d------ [13:49 23/03/2013]

c:\documents and settings\Järjestelmänvalvoja\Application Data\TuneUp Software\TU2012 d------ [13:49 23/03/2013]

c:\documents and settings\Järjestelmänvalvoja\Application Data\TuneUp Software\TU2012\Backups d------ [13:49 23/03/2013]

c:\documents and settings\Järjestelmänvalvoja\Cookies d---s-- [13:49 23/03/2013]
index.dat --a---- 16384 bytes [13:49 23/03/2013] [13:56 23/03/2013]

c:\documents and settings\Järjestelmänvalvoja\Käynnistä-valikko dr----- [13:49 23/03/2013]
desktop.ini --ahs-- 62 bytes [13:49 23/03/2013] [23:10 12/04/2009]

c:\documents and settings\Järjestelmänvalvoja\Käynnistä-valikko\Ohjelmat dr----- [13:49 23/03/2013]
desktop.ini --ahs-- 196 bytes [13:49 23/03/2013] [17:10 13/04/2009]
Etätuki.lnk --a---- 1599 bytes [13:49 23/03/2013] [17:10 13/04/2009]
Windows Media Player.lnk --a---- 792 bytes [13:49 23/03/2013] [17:10 13/04/2009]

c:\documents and settings\Järjestelmänvalvoja\Käynnistä-valikko\Ohjelmat\Apuohjelmat dr----- [13:49 23/03/2013]
desktop.ini --ahs-- 506 bytes [13:49 23/03/2013] [17:10 13/04/2009]
Komentorivi.lnk --a---- 1555 bytes [13:49 23/03/2013] [17:10 13/04/2009]
Muistio.lnk --a---- 1519 bytes [13:49 23/03/2013] [17:10 13/04/2009]
Ohjattu sovelluksen yhteensopivuustoiminto.lnk --a---- 386 bytes [13:49 23/03/2013] [17:10 13/04/2009]
Synkronoi.lnk --a---- 1519 bytes [13:49 23/03/2013] [17:10 13/04/2009]
Windows Resurssienhallinta.lnk --a---- 1487 bytes [13:49 23/03/2013] [17:09 13/04/2009]
Windows XP -esittely.lnk --a---- 1527 bytes [13:49 23/03/2013] [17:10 13/04/2009]

c:\documents and settings\Järjestelmänvalvoja\Käynnistä-valikko\Ohjelmat\Apuohjelmat\Helppokäyttötoiminnot dr----- [13:49 23/03/2013]
desktop.ini --ahs-- 303 bytes [13:49 23/03/2013] [17:10 13/04/2009]
OnScreen-näppäimistö.lnk --a---- 1501 bytes [13:49 23/03/2013] [17:10 13/04/2009]
Suurennuslasi.lnk --a---- 1525 bytes [13:49 23/03/2013] [17:10 13/04/2009]
Toimintojen hallinta.lnk --a---- 1539 bytes [13:49 23/03/2013] [17:10 13/04/2009]

c:\documents and settings\Järjestelmänvalvoja\Käynnistä-valikko\Ohjelmat\Apuohjelmat\Viihde dr----- [13:49 23/03/2013]
desktop.ini --ahs-- 84 bytes [13:49 23/03/2013] [17:10 13/04/2009]

c:\documents and settings\Järjestelmänvalvoja\Käynnistä-valikko\Ohjelmat\Käynnistys dr----- [13:49 23/03/2013]
desktop.ini --ahs-- 84 bytes [13:49 23/03/2013] [17:10 13/04/2009]

c:\documents and settings\Järjestelmänvalvoja\Local Settings d--h--- [13:49 23/03/2013]
desktop.ini --ahs-- 62 bytes [13:49 23/03/2013] [13:49 23/03/2013]

c:\documents and settings\Järjestelmänvalvoja\Local Settings\Application Data d--h--- [13:49 23/03/2013]

c:\documents and settings\Järjestelmänvalvoja\Local Settings\Application Data\Microsoft d------ [13:49 23/03/2013]

c:\documents and settings\Järjestelmänvalvoja\Local Settings\Application Data\Microsoft\CD Burning d------ [13:49 23/03/2013]

c:\documents and settings\Järjestelmänvalvoja\Local Settings\Application Data\Microsoft\Credentials d---s-- [13:49 23/03/2013]

c:\documents and settings\Järjestelmänvalvoja\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-746137067-287218729-682003330-500 d---s-- [13:49 23/03/2013]

c:\documents and settings\Järjestelmänvalvoja\Local Settings\Application Data\Microsoft\Windows d------ [13:49 23/03/2013]
UsrClass.dat --ah--- 262144 bytes [13:49 23/03/2013] [14:00 23/03/2013]
UsrClass.dat.LOG --ah--- 1024 bytes [13:49 23/03/2013] [14:00 23/03/2013]

c:\documents and settings\Järjestelmänvalvoja\Local Settings\Sivuhistoria d---s-- [13:49 23/03/2013]
desktop.ini --ahs-- 113 bytes [13:49 23/03/2013] [17:10 13/04/2009]

c:\documents and settings\Järjestelmänvalvoja\Local Settings\Sivuhistoria\History.IE5 d---s-- [13:49 23/03/2013]
desktop.ini --ahs-- 113 bytes [13:49 23/03/2013] [17:10 13/04/2009]
index.dat --a---- 16384 bytes [13:49 23/03/2013] [13:56 23/03/2013]

c:\documents and settings\Järjestelmänvalvoja\Local Settings\temp d------ [10:03 26/03/2013]

c:\documents and settings\Järjestelmänvalvoja\Local Settings\Temporary Internet Files d---s-- [13:49 23/03/2013]
desktop.ini --ahs-- 67 bytes [13:49 23/03/2013] [17:10 13/04/2009]

c:\documents and settings\Järjestelmänvalvoja\Mallit d--h--- [13:49 23/03/2013]
amipro.sam --a---- 4570 bytes [13:49 23/03/2013] [12:00 25/04/2003]
excel.xls --a---- 5632 bytes [13:49 23/03/2013] [12:00 25/04/2003]
excel4.xls --a---- 1518 bytes [13:49 23/03/2013] [12:00 25/04/2003]
lotus.wk4 --a---- 2448 bytes [13:49 23/03/2013] [12:00 25/04/2003]
powerpnt.ppt --a---- 12288 bytes [13:49 23/03/2013] [12:00 25/04/2003]
presenta.shw --a---- 461 bytes [13:49 23/03/2013] [12:00 25/04/2003]
quattro.wb2 --a---- 4017 bytes [13:49 23/03/2013] [12:00 25/04/2003]
sndrec.wav --a---- 58 bytes [13:49 23/03/2013] [12:00 25/04/2003]
winword.doc --a---- 4608 bytes [13:49 23/03/2013] [12:00 25/04/2003]
winword2.doc --a---- 1769 bytes [13:49 23/03/2013] [12:00 25/04/2003]
wordpfct.wpd -ra---- 30 bytes [13:49 23/03/2013] [12:00 25/04/2003]
wordpfct.wpg -ra---- 57 bytes [13:49 23/03/2013] [12:00 25/04/2003]

c:\documents and settings\Järjestelmänvalvoja\Recent d--h--- [13:49 23/03/2013]

c:\documents and settings\Järjestelmänvalvoja\SendTo dr-h--- [13:49 23/03/2013]
desktop.ini --ahs-- 180 bytes [13:49 23/03/2013] [17:09 13/04/2009]
Pakattu kansio.ZFSendToTarget --a---- 0 bytes [13:49 23/03/2013] [17:09 13/04/2009]
Sähköpostin vastaanottaja.MAPIMail --a---- 0 bytes [13:49 23/03/2013] [17:09 13/04/2009]
Työpöytä (luo pikakuvake).DeskLink --a---- 0 bytes [13:49 23/03/2013] [17:09 13/04/2009]

c:\documents and settings\Järjestelmänvalvoja\Suosikit d------ [13:49 23/03/2013]

c:\documents and settings\Järjestelmänvalvoja\Tulostinympäristö d--h--- [13:49 23/03/2013]

c:\documents and settings\Järjestelmänvalvoja\Työpöytä d------ [13:49 23/03/2013]

c:\documents and settings\Järjestelmänvalvoja\Verkkoympäristö d--h--- [13:49 23/03/2013]

c:\documents and settings\All Users\Käynnistä-valikko - Parameters: "/s"

---Files---
desktop.ini --ahs-- 268 bytes [23:10 12/04/2009] [08:14 14/04/2009]
Softendo Games World.lnk --a---- 1665 bytes [16:44 19/06/2011] [16:44 19/06/2011]
Valitse käytettävät ohjelmat.lnk --a---- 1563 bytes [17:10 13/04/2009] [08:14 14/04/2009]
Windows Catalog.lnk --a---- 398 bytes [17:10 13/04/2009] [17:10 13/04/2009]
Windows Update -sivusto.lnk --a---- 1507 bytes [17:10 13/04/2009] [14:34 28/02/2013]
µTorrent.lnk --a---- 630 bytes [21:38 23/03/2013] [21:38 23/03/2013]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat dr----- [23:10 12/04/2009]
4U Download YouTube Video.lnk --a---- 877 bytes [20:21 17/06/2009] [20:21 17/06/2009]
Adobe Help.lnk --a---- 728 bytes [08:28 06/08/2011] [08:28 06/08/2011]
Adobe Reader 9.lnk --a---- 2347 bytes [18:24 23/08/2009] [18:24 23/08/2009]
Adobe Reader XI.lnk --a---- 2347 bytes [13:32 15/01/2013] [09:37 20/01/2013]
Advanced Uninstaller PRO 11.lnk --a---- 1719 bytes [17:37 20/06/2012] [17:37 20/06/2012]
Apple Software Update.lnk --a---- 1830 bytes [10:35 17/04/2009] [17:46 30/09/2011]
Audacity.lnk --a---- 636 bytes [19:12 10/07/2009] [19:12 10/07/2009]
desktop.ini --ahs-- 62 bytes [23:10 12/04/2009] [23:10 12/04/2009]
MSN Explorer.lnk --a---- 1840 bytes [17:07 13/04/2009] [17:07 13/04/2009]
Opera.lnk --a---- 1498 bytes [11:57 03/04/2011] [11:57 03/04/2011]
Paint.NET.lnk --a---- 818 bytes [10:46 12/09/2009] [14:14 08/01/2012]
RPG Maker VX.lnk --a---- 587 bytes [12:10 14/04/2009] [20:54 29/07/2011]
RPG Maker XP.lnk --a---- 1836 bytes [20:54 25/06/2009] [20:54 25/06/2009]
Westwood Chat.lnk --a---- 628 bytes [17:51 27/11/2009] [17:51 27/11/2009]
Windows Live ID.lnk --a---- 1077 bytes [18:18 04/03/2011] [18:18 04/03/2011]
Windows Messenger.lnk --a---- 893 bytes [17:07 13/04/2009] [17:07 13/04/2009]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\3DO d------ [10:27 03/07/2009]
GameUpdate.lnk --a---- 599 bytes [10:27 03/07/2009] [16:37 04/07/2012]
Support.lnk --a---- 688 bytes [10:27 03/07/2009] [16:37 04/07/2012]
System Information.lnk --a---- 688 bytes [10:27 03/07/2009] [16:37 04/07/2012]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\3DO\Heroes 3 Complete d------ [10:27 03/07/2009]
Heroes 3 Armageddon's Blade Manual.lnk --a---- 1570 bytes [10:27 03/07/2009] [16:33 04/07/2012]
Heroes 3 Campaign Editor.lnk --a---- 1519 bytes [10:27 03/07/2009] [16:33 04/07/2012]
Heroes 3 Manual.lnk --a---- 1536 bytes [10:27 03/07/2009] [16:33 04/07/2012]
Heroes 3 Map Editor.lnk --a---- 1510 bytes [10:27 03/07/2009] [16:33 04/07/2012]
Heroes 3 Shadow of Death Manual.lnk --a---- 1590 bytes [10:27 03/07/2009] [16:33 04/07/2012]
Heroes 3 Tutorial.lnk --a---- 1610 bytes [10:27 03/07/2009] [16:33 04/07/2012]
Heroes of Might and Magic III Complete.lnk --a---- 1510 bytes [10:27 03/07/2009] [16:33 04/07/2012]
Uninstall Heroes of Might and Magic Complete.lnk --a---- 1609 bytes [10:27 03/07/2009] [16:33 04/07/2012]
View Readme.lnk --a---- 1428 bytes [10:27 03/07/2009] [16:33 04/07/2012]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\3DO\Heroes II Gold d------ [13:58 16/04/2010]
Heroes II Gold Manual.lnk --a---- 1552 bytes [13:58 16/04/2010] [13:58 16/04/2010]
Heroes II Gold Map Editor.lnk --a---- 1516 bytes [13:58 16/04/2010] [13:58 16/04/2010]
Heroes II Gold.lnk --a---- 1516 bytes [13:58 16/04/2010] [13:58 16/04/2010]
Uninstall Heroes II Gold.lnk --a---- 1465 bytes [13:58 16/04/2010] [13:58 16/04/2010]
View Readme.lnk --a---- 1452 bytes [13:58 16/04/2010] [13:58 16/04/2010]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\3DO\Heroes II Gold\Journals d------ [13:58 16/04/2010]
Betrayal Notes.lnk --a---- 1478 bytes [13:58 16/04/2010] [13:58 16/04/2010]
Gates of Hell Notes.lnk --a---- 1478 bytes [13:58 16/04/2010] [13:58 16/04/2010]
Ghost Planet Notes.lnk --a---- 1472 bytes [13:58 16/04/2010] [13:58 16/04/2010]
Roc 'Round the Clock Notes.lnk --a---- 1478 bytes [13:58 16/04/2010] [13:58 16/04/2010]
The Road Home Notes.lnk --a---- 1478 bytes [13:58 16/04/2010] [13:58 16/04/2010]
Thunk Journal 1.lnk --a---- 1474 bytes [13:58 16/04/2010] [13:58 16/04/2010]
Thunk Journal 2.lnk --a---- 1474 bytes [13:58 16/04/2010] [13:58 16/04/2010]
Thunk Journal 3.lnk --a---- 1474 bytes [13:58 16/04/2010] [13:58 16/04/2010]
Thunk Journal 4.lnk --a---- 1474 bytes [13:58 16/04/2010] [13:58 16/04/2010]
Thunk Journal 5.lnk --a---- 1474 bytes [13:58 16/04/2010] [13:58 16/04/2010]
Wizards Land 1 Conclusion.lnk --a---- 1478 bytes [13:58 16/04/2010] [13:58 16/04/2010]
Wizards Land 1 Intro.lnk --a---- 1476 bytes [13:58 16/04/2010] [13:58 16/04/2010]
Wizards Land 2 Conclusion.lnk --a---- 1478 bytes [13:58 16/04/2010] [13:58 16/04/2010]
Wizards Land 2 Intro.lnk --a---- 1476 bytes [13:58 16/04/2010] [13:58 16/04/2010]
Wizards Land 3 Conclusion.lnk --a---- 1478 bytes [13:58 16/04/2010] [13:58 16/04/2010]
Wizards Land 3 Intro.lnk --a---- 1476 bytes [13:58 16/04/2010] [13:58 16/04/2010]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\4U Download YouTube Video d------ [20:21 17/06/2009]
4U Download YouTube Video.lnk --a---- 883 bytes [20:21 17/06/2009] [20:21 17/06/2009]
FAQ.lnk --a---- 792 bytes [20:21 17/06/2009] [20:21 17/06/2009]
Help.lnk --a---- 883 bytes [20:21 17/06/2009] [20:21 17/06/2009]
How to registry.lnk --a---- 823 bytes [20:21 17/06/2009] [20:21 17/06/2009]
License Agreement.lnk --a---- 816 bytes [20:21 17/06/2009] [20:21 17/06/2009]
Readme.lnk --a---- 811 bytes [20:21 17/06/2009] [20:21 17/06/2009]
Uninstall 4U Download YouTube Video.lnk --a---- 823 bytes [20:21 17/06/2009] [20:21 17/06/2009]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\7-Zip d------ [14:01 11/06/2009]
7-Zip File Manager.lnk --a---- 645 bytes [14:01 11/06/2009] [14:01 11/06/2009]
7-Zip Help.lnk --a---- 650 bytes [14:01 11/06/2009] [14:01 11/06/2009]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\A Tale of Two Kingdoms d------ [17:40 06/06/2009]
A Tale of Two Kingdoms.lnk --a---- 1569 bytes [17:41 06/06/2009] [17:41 06/06/2009]
Configure the game.lnk --a---- 1594 bytes [17:41 06/06/2009] [17:41 06/06/2009]
Read the Manual.lnk --a---- 1578 bytes [17:41 06/06/2009] [17:41 06/06/2009]
Uninstall A Tale of Two Kingdoms.lnk --a---- 1425 bytes [17:40 06/06/2009] [17:40 06/06/2009]
Visit our website.lnk --a---- 1685 bytes [17:41 06/06/2009] [17:41 06/06/2009]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Adobe d------ [08:31 06/08/2011]
Adobe Media Player.lnk --a---- 742 bytes [08:31 06/08/2011] [08:31 06/08/2011]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Advanced Uninstaller PRO d------ [17:37 20/06/2012]
Advanced Uninstaller PRO 11.lnk --a---- 1725 bytes [17:37 20/06/2012] [17:37 20/06/2012]
Uninstall.lnk --a---- 806 bytes [17:37 20/06/2012] [17:37 20/06/2012]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Adventures of MISTER BIG T 4 - New Chapter d------ [14:00 05/04/2010]
Adventures of MISTER BIG T 4 - New Chapter.LNK --a---- 692 bytes [14:00 05/04/2010] [14:00 05/04/2010]
Give Me Beer Website.URL --a---- 50 bytes [14:00 05/04/2010] [14:00 05/04/2010]
Uninstall Adventures of MISTER BIG T 4 - New Chapter.LNK --a---- 709 bytes [14:00 05/04/2010] [14:00 05/04/2010]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Alcohol 52% d------ [15:50 28/11/2009]
A.C.I.D. Wizard.lnk --a---- 821 bytes [15:50 28/11/2009] [15:50 28/11/2009]
Alcohol 52%.lnk --a---- 838 bytes [15:50 28/11/2009] [15:50 28/11/2009]
Alcohol Command Launcher.lnk --a---- 826 bytes [15:50 28/11/2009] [15:50 28/11/2009]
Uninstall Alcohol 52%.lnk --a---- 833 bytes [15:50 28/11/2009] [15:50 28/11/2009]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Apuohjelmat dr----- [17:05 13/04/2009]
desktop.ini --ahs-- 316 bytes [17:07 13/04/2009] [11:26 14/11/2011]
Etätyöpöytäyhteys.lnk --a---- 1617 bytes [08:14 14/04/2009] [08:14 14/04/2009]
Laskin.lnk --a---- 1498 bytes [17:07 13/04/2009] [14:12 18/04/2009]
Paint.lnk --a---- 1515 bytes [17:07 13/04/2009] [15:42 19/04/2009]
Scanner and Camera Wizard.lnk --a---- 710 bytes [13:26 11/05/2009] [11:26 14/11/2011]
Windows Movie Maker.lnk --a---- 790 bytes [17:09 13/04/2009] [17:09 13/04/2009]
WordPad.lnk --a---- 879 bytes [17:07 13/04/2009] [17:07 13/04/2009]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Apuohjelmat\Helppokäyttötoiminnot dr----- [17:07 13/04/2009]
desktop.ini --ahs-- 98 bytes [17:07 13/04/2009] [17:07 13/04/2009]
Ohjattu helppokäyttötoiminto.lnk --a---- 1520 bytes [17:07 13/04/2009] [13:08 28/02/2013]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Apuohjelmat\Järjestelmätyökalut dr----- [17:07 13/04/2009]
Ajoitetut tehtävät.lnk --a---- 1753 bytes [17:09 13/04/2009] [13:08 28/02/2013]
Aktivoi Windows.lnk --a---- 1599 bytes [17:10 13/04/2009] [13:08 28/02/2013]
desktop.ini --ahs-- 734 bytes [17:07 13/04/2009] [07:24 14/04/2009]
Järjestelmän palauttaminen.lnk --a---- 1616 bytes [17:09 13/04/2009] [13:08 28/02/2013]
Järjestelmätiedot.lnk --a---- 1070 bytes [17:09 13/04/2009] [17:09 13/04/2009]
Levyn eheytys.lnk --a---- 1572 bytes [17:09 13/04/2009] [13:08 28/02/2013]
Levyn uudelleenjärjestäminen.lnk --a---- 1532 bytes [17:09 13/04/2009] [13:08 28/02/2013]
Merkistö.lnk --a---- 1521 bytes [17:07 13/04/2009] [13:08 28/02/2013]
Ohjattu tiedostojen ja asetusten siirtäminen.lnk --a---- 1591 bytes [17:10 13/04/2009] [13:08 28/02/2013]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Apuohjelmat\Tietoliikenneyhteydet dr----- [17:05 13/04/2009]
desktop.ini --ahs-- 525 bytes [17:05 13/04/2009] [08:16 14/04/2009]
HyperTerminal.lnk --a---- 786 bytes [17:07 13/04/2009] [17:07 13/04/2009]
Ohjattu langattoman verkon asennus.lnk --a---- 1656 bytes [07:24 14/04/2009] [13:08 28/02/2013]
Ohjattu verkkoyhteyden muodostaminen.lnk --a---- 1646 bytes [17:05 13/04/2009] [13:08 28/02/2013]
Ohjattu verkon asennus.lnk --a---- 1640 bytes [17:09 13/04/2009] [13:08 28/02/2013]
Verkkoyhteydet.lnk --a---- 1757 bytes [17:05 13/04/2009] [13:08 28/02/2013]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Apuohjelmat\Viihde dr----- [17:07 13/04/2009]
desktop.ini --ahs-- 152 bytes [17:07 13/04/2009] [17:07 13/04/2009]
Äänenvoimakkuuden säätö.lnk --a---- 1528 bytes [17:07 13/04/2009] [13:08 28/02/2013]
Ääninauhuri.lnk --a---- 1528 bytes [17:07 13/04/2009] [15:13 10/12/2012]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\AVG d------ [11:05 15/03/2013]
AVG 2013.lnk --a---- 714 bytes [11:05 15/03/2013] [11:05 15/03/2013]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Badosoft d------ [13:32 11/06/2012]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Badosoft\Latency Optimizer d------ [13:32 11/06/2012]
Latency Optimizer.lnk --a---- 2038 bytes [13:32 11/06/2012] [13:32 11/06/2012]
Uninstall.lnk --a---- 2004 bytes [13:32 11/06/2012] [13:32 11/06/2012]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Baldur's Gate Tutu d------ [10:49 08/05/2011]
Baldur's Gate Tutu.lnk --a---- 1432 bytes [10:49 08/05/2011] [10:49 08/05/2011]
Configure Tutu Game Options.lnk --a---- 1448 bytes [10:49 08/05/2011] [10:49 08/05/2011]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Battle for Wesnoth d------ [16:17 09/06/2009]
Battle for Wesnoth.lnk --a---- 681 bytes [16:17 09/06/2009] [21:47 19/09/2009]
Changelog.lnk --a---- 693 bytes [16:17 09/06/2009] [21:47 19/09/2009]
License.lnk --a---- 681 bytes [16:17 09/06/2009] [21:47 19/09/2009]
Manual.lnk --a---- 777 bytes [16:17 09/06/2009] [21:47 19/09/2009]
Map editor.lnk --a---- 1581 bytes [16:17 09/06/2009] [21:47 19/09/2009]
Multiplayer server.lnk --a---- 688 bytes [16:17 09/06/2009] [21:47 19/09/2009]
Player's changelog.lnk --a---- 733 bytes [16:17 09/06/2009] [21:47 19/09/2009]
Uninstall.lnk --a---- 693 bytes [16:17 09/06/2009] [21:47 19/09/2009]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Battle for Wesnoth 1.10.4 d------ [19:48 01/10/2012]
Battle for Wesnoth.lnk --a---- 602 bytes [19:48 01/10/2012] [19:48 01/10/2012]
Changelog.lnk --a---- 614 bytes [19:48 01/10/2012] [19:48 01/10/2012]
License.lnk --a---- 602 bytes [19:48 01/10/2012] [19:48 01/10/2012]
Manual.lnk --a---- 698 bytes [19:48 01/10/2012] [19:48 01/10/2012]
Map editor.lnk --a---- 1480 bytes [19:48 01/10/2012] [19:48 01/10/2012]
Multiplayer server.lnk --a---- 609 bytes [19:48 01/10/2012] [19:48 01/10/2012]
Player's changelog.lnk --a---- 654 bytes [19:48 01/10/2012] [19:48 01/10/2012]
Uninstall.lnk --a---- 614 bytes [19:48 01/10/2012] [19:48 01/10/2012]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Battle for Wesnoth 1.8.4 d------ [20:08 28/08/2010]
Battle for Wesnoth.lnk --a---- 725 bytes [20:08 28/08/2010] [20:08 28/08/2010]
Changelog.lnk --a---- 737 bytes [20:08 28/08/2010] [20:08 28/08/2010]
License.lnk --a---- 725 bytes [20:08 28/08/2010] [20:08 28/08/2010]
Manual.lnk --a---- 821 bytes [20:08 28/08/2010] [20:08 28/08/2010]
Map editor.lnk --a---- 1637 bytes [20:08 28/08/2010] [20:08 28/08/2010]
Multiplayer server.lnk --a---- 732 bytes [20:08 28/08/2010] [20:08 28/08/2010]
Player's changelog.lnk --a---- 777 bytes [20:08 28/08/2010] [20:08 28/08/2010]
Uninstall.lnk --a---- 737 bytes [20:08 28/08/2010] [20:08 28/08/2010]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Battle for Wesnoth 1.8.5 d------ [13:35 12/11/2010]
Battle for Wesnoth.lnk --a---- 725 bytes [13:35 12/11/2010] [13:35 12/11/2010]
Changelog.lnk --a---- 737 bytes [13:35 12/11/2010] [13:35 12/11/2010]
License.lnk --a---- 725 bytes [13:35 12/11/2010] [13:35 12/11/2010]
Manual.lnk --a---- 821 bytes [13:35 12/11/2010] [13:35 12/11/2010]
Map editor.lnk --a---- 1637 bytes [13:35 12/11/2010] [13:35 12/11/2010]
Multiplayer server.lnk --a---- 732 bytes [13:35 12/11/2010] [13:35 12/11/2010]
Player's changelog.lnk --a---- 777 bytes [13:35 12/11/2010] [13:35 12/11/2010]
Uninstall.lnk --a---- 737 bytes [13:35 12/11/2010] [13:35 12/11/2010]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Battle for Wesnoth 1.8.6 d------ [13:50 09/09/2011]
Battle for Wesnoth.lnk --a---- 725 bytes [13:50 09/09/2011] [13:50 09/09/2011]
Changelog.lnk --a---- 737 bytes [13:50 09/09/2011] [13:50 09/09/2011]
License.lnk --a---- 725 bytes [13:50 09/09/2011] [13:50 09/09/2011]
Manual.lnk --a---- 821 bytes [13:50 09/09/2011] [13:50 09/09/2011]
Map editor.lnk --a---- 1637 bytes [13:50 09/09/2011] [13:50 09/09/2011]
Multiplayer server.lnk --a---- 732 bytes [13:50 09/09/2011] [13:50 09/09/2011]
Player's changelog.lnk --a---- 777 bytes [13:50 09/09/2011] [13:50 09/09/2011]
Uninstall.lnk --a---- 737 bytes [13:50 09/09/2011] [13:50 09/09/2011]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\BATTLE ISLE 3 d------ [12:18 22/07/2011]
Battle Isle 3 Musicclip.lnk --a---- 341 bytes [12:18 22/07/2011] [12:18 22/07/2011]
Battle Isle 3 Network Setup.lnk --a---- 296 bytes [12:18 22/07/2011] [12:18 22/07/2011]
BATTLE ISLE 3 Setup.lnk --a---- 579 bytes [12:18 22/07/2011] [12:18 22/07/2011]
BATTLE ISLE 3.lnk --a---- 571 bytes [12:18 22/07/2011] [12:18 22/07/2011]
Readme.lnk --a---- 276 bytes [12:18 22/07/2011] [12:18 22/07/2011]
Unit Animation Setup.lnk --a---- 441 bytes [12:18 22/07/2011] [12:18 22/07/2011]
VFW 1.1e Setup PLEASE READ REF.CARD.lnk --a---- 329 bytes [12:18 22/07/2011] [12:18 22/07/2011]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Best MIDI to MP3 d------ [09:39 20/02/2010]
Best MIDI to MP3 on the Web.lnk --a---- 505 bytes [09:39 20/02/2010] [09:39 20/02/2010]
Best MIDI to MP3.lnk --a---- 682 bytes [09:39 20/02/2010] [09:39 20/02/2010]
Help.lnk --a---- 658 bytes [09:39 20/02/2010] [09:39 20/02/2010]
Uninstall Best MIDI to MP3.lnk --a---- 682 bytes [09:39 20/02/2010] [09:39 20/02/2010]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\CamStudio d------ [12:32 21/08/2011]
Camstudio-Recorder.lnk --a---- 674 bytes [12:32 21/08/2011] [12:32 21/08/2011]
Player.lnk --a---- 662 bytes [12:32 21/08/2011] [12:32 21/08/2011]
PlayerPlus.lnk --a---- 684 bytes [12:32 21/08/2011] [12:32 21/08/2011]
SWF-Producer.lnk --a---- 674 bytes [12:32 21/08/2011] [12:32 21/08/2011]
Uninstall CamStudio.lnk --a---- 674 bytes [12:32 21/08/2011] [12:32 21/08/2011]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Canon CAPT -työkalut d------ [13:50 11/05/2009]
Canon CAPT asennuksen purku.LNK --a---- 1035 bytes [13:50 11/05/2009] [15:42 16/11/2010]
Canon LBP-810 ohje.LNK --a---- 998 bytes [13:50 11/05/2009] [15:42 16/11/2010]
Canon LBP-810 tilaikkuna.LNK --a---- 1022 bytes [13:50 11/05/2009] [15:42 16/11/2010]
Canon LBP-810 vianmääritys.LNK --a---- 1033 bytes [13:50 11/05/2009] [15:42 16/11/2010]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\cFosSpeed Traffic Shaping d------ [13:07 11/06/2012]
cFosSpeed console.lnk --a---- 1421 bytes [13:07 11/06/2012] [13:07 11/06/2012]
cFosSpeed menu.lnk --a---- 734 bytes [13:07 11/06/2012] [13:07 11/06/2012]
Start cFosSpeed window.lnk --a---- 706 bytes [13:07 11/06/2012] [13:07 11/06/2012]
Uninstall cFosSpeed.lnk --a---- 704 bytes [13:07 11/06/2012] [13:07 11/06/2012]
www.cfos.de.lnk --a---- 240 bytes [13:07 11/06/2012] [13:07 11/06/2012]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Cheat Engine 5.5 d------ [13:17 22/10/2009]
Cheat Engine 5.5.lnk --a---- 622 bytes [13:17 22/10/2009] [13:17 22/10/2009]
Cheat Engine help.lnk --a---- 617 bytes [13:17 22/10/2009] [13:17 22/10/2009]
Cheat Engine tutorial.lnk --a---- 602 bytes [13:17 22/10/2009] [13:17 22/10/2009]
Reset settings.lnk --a---- 612 bytes [13:17 22/10/2009] [13:17 22/10/2009]
Uninstall Cheat Engine.lnk --a---- 602 bytes [13:17 22/10/2009] [13:17 22/10/2009]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Cheat Engine 5.5\Kernel stuff d------ [13:17 22/10/2009]
Gather kernel data.lnk --a---- 663 bytes [13:17 22/10/2009] [13:17 22/10/2009]
Unload kernel module.lnk --a---- 668 bytes [13:17 22/10/2009] [13:17 22/10/2009]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Command & Conquer d------ [17:51 27/11/2009]
Red Alert.lnk --a---- 904 bytes [17:51 27/11/2009] [17:51 27/11/2009]
Tiberian Dawn.lnk --a---- 869 bytes [17:51 27/11/2009] [17:51 27/11/2009]
Tiberian Sun.lnk --a---- 982 bytes [17:51 27/11/2009] [17:51 27/11/2009]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Crimson Fields d------ [16:52 20/07/2011]
Crimson Fields.lnk --a---- 1504 bytes [16:52 20/07/2011] [16:52 20/07/2011]
Level Editor.lnk --a---- 1488 bytes [16:52 20/07/2011] [16:52 20/07/2011]
Uninstall Crimson Fields.lnk --a---- 607 bytes [16:52 20/07/2011] [16:52 20/07/2011]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\dBpoweramp Music Converter d------ [20:03 26/11/2010]
dBpoweramp Batch Converter.lnk --a---- 716 bytes [20:03 26/11/2010] [20:03 26/11/2010]
dBpoweramp CD Ripper.lnk --a---- 669 bytes [20:03 26/11/2010] [20:03 26/11/2010]
dBpoweramp Music Converter.lnk --a---- 711 bytes [20:03 26/11/2010] [20:03 26/11/2010]
Register dBpoweramp.lnk --a---- 310 bytes [20:03 26/11/2010] [20:03 26/11/2010]
Uninstall dMC.lnk --a---- 872 bytes [20:03 26/11/2010] [20:03 26/11/2010]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\dBpoweramp Music Converter\Configuration d------ [20:03 26/11/2010]
dBpoweramp Configuration.lnk --a---- 687 bytes [20:03 26/11/2010] [20:03 26/11/2010]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\dBpoweramp Music Converter\Help d------ [20:03 26/11/2010]
dBpoweramp Music Converter Help.lnk --a---- 820 bytes [20:03 26/11/2010] [20:03 26/11/2010]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\dBpoweramp Music Converter\Help\Codecs d------ [20:03 26/11/2010]
FLAC Codec Help.lnk --a---- 907 bytes [20:03 26/11/2010] [20:03 26/11/2010]
mp3 (Lame) Codec Help.lnk --a---- 838 bytes [20:03 26/11/2010] [20:03 26/11/2010]
Wave Codec Help.lnk --a---- 821 bytes [20:03 26/11/2010] [20:03 26/11/2010]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\DemonStar_Shareware d------ [20:09 31/10/2011]
DemonStar Help.lnk --a---- 696 bytes [20:09 31/10/2011] [20:09 31/10/2011]
Get More Games !.lnk --a---- 676 bytes [20:09 31/10/2011] [20:09 31/10/2011]
Order FULL DemonStar.lnk --a---- 676 bytes [20:09 31/10/2011] [20:09 31/10/2011]
Play DemonStar.lnk --a---- 1519 bytes [20:09 31/10/2011] [20:09 31/10/2011]
Read Me.lnk --a---- 683 bytes [20:09 31/10/2011] [20:09 31/10/2011]
Technical Support.lnk --a---- 688 bytes [20:09 31/10/2011] [20:09 31/10/2011]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Direct MIDI to MP3 Converter d------ [12:19 06/12/2010]
Direct MIDI to MP3 Converter Help.lnk --a---- 742 bytes [12:19 06/12/2010] [12:19 06/12/2010]
Direct MIDI to MP3 Converter on the Web.lnk --a---- 569 bytes [12:19 06/12/2010] [12:19 06/12/2010]
Direct MIDI to MP3 Converter.lnk --a---- 839 bytes [12:19 06/12/2010] [12:19 06/12/2010]
Read Me.lnk --a---- 730 bytes [12:19 06/12/2010] [12:19 06/12/2010]
Uninstall Direct MIDI to MP3 Converter.lnk --a---- 742 bytes [12:19 06/12/2010] [12:19 06/12/2010]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\DivX Plus d------ [10:39 26/02/2011]
Check for Updates.lnk --a---- 867 bytes [10:39 26/02/2011] [13:21 20/12/2011]
Codec Settings.lnk --a---- 869 bytes [10:39 26/02/2011] [10:39 26/02/2011]
DivX Plus Converter.lnk --a---- 1769 bytes [10:39 26/02/2011] [12:48 15/04/2011]
DivX Plus Player.lnk --a---- 789 bytes [13:22 20/12/2011] [13:22 20/12/2011]
DivX Support.lnk --a---- 1034 bytes [10:40 26/02/2011] [13:23 20/12/2011]
Post DivX® video to your website.lnk --a---- 1034 bytes [10:40 26/02/2011] [13:23 20/12/2011]
Register.lnk --a---- 879 bytes [10:39 26/02/2011] [13:21 20/12/2011]
Why Buy DivX Pro.lnk --a---- 1040 bytes [10:40 26/02/2011] [13:23 20/12/2011]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\DOOM Collector's Edition d------ [12:18 18/09/2009]
Readme.lnk --a---- 740 bytes [12:18 18/09/2009] [11:47 20/11/2010]
Uninstall DOOM Collector's Edition.lnk --a---- 631 bytes [12:18 18/09/2009] [11:47 20/11/2010]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\DOOM Collector's Edition\DOOM II d------ [12:18 18/09/2009]
DOOM II Manual (.pdf).lnk --a---- 1983 bytes [12:18 18/09/2009] [11:47 20/11/2010]
DOOM II.lnk --a---- 1698 bytes [12:18 18/09/2009] [11:47 20/11/2010]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\DOOM Collector's Edition\Final DOOM d------ [12:18 18/09/2009]
Final DOOM Manual (.pdf).lnk --a---- 2027 bytes [12:18 18/09/2009] [11:47 20/11/2010]
Final DOOM.lnk --a---- 1737 bytes [12:18 18/09/2009] [11:47 20/11/2010]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\DOOM Collector's Edition\Ultimate DOOM d------ [12:18 18/09/2009]
Ultimate DOOM Manual (.pdf).lnk --a---- 2057 bytes [12:18 18/09/2009] [11:47 20/11/2010]
Ultimate DOOM.lnk --a---- 1758 bytes [12:18 18/09/2009] [11:47 20/11/2010]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\DOOM Collector's Edition\Web Links d------ [12:18 18/09/2009]
Activision Support website.lnk --a---- 1691 bytes [12:18 18/09/2009] [11:47 20/11/2010]
Activision Website.lnk --a---- 1651 bytes [12:18 18/09/2009] [11:47 20/11/2010]
id software.lnk --a---- 1647 bytes [12:18 18/09/2009] [11:47 20/11/2010]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\DOSBox-0.73 d------ [17:08 06/01/2010]
Capture folder.lnk --a---- 759 bytes [17:08 06/01/2010] [17:08 06/01/2010]
DOSBox (noconsole).lnk --a---- 1595 bytes [17:08 06/01/2010] [17:08 06/01/2010]
DOSBox.lnk --a---- 1573 bytes [17:08 06/01/2010] [17:08 06/01/2010]
README.lnk --a---- 705 bytes [17:08 06/01/2010] [17:08 06/01/2010]
Uninstall.lnk --a---- 1415 bytes [17:08 06/01/2010] [17:08 06/01/2010]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\DOSBox-0.73\Configuration d------ [17:08 06/01/2010]
Edit Configuration.lnk --a---- 913 bytes [17:08 06/01/2010] [17:08 06/01/2010]
Reset Configuration.lnk --a---- 733 bytes [17:08 06/01/2010] [17:08 06/01/2010]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\DOSBox-0.73\Video d------ [17:08 06/01/2010]
Install movie codec.lnk --a---- 689 bytes [17:08 06/01/2010] [17:08 06/01/2010]
Video instructions.lnk --a---- 778 bytes [17:08 06/01/2010] [17:08 06/01/2010]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Easy Screen Capture Video d------ [13:05 27/07/2009]
Easy Screen Capture Video.lnk --a---- 1946 bytes [13:05 27/07/2009] [13:05 27/07/2009]
Uninstall escv.lnk --a---- 1699 bytes [13:05 27/07/2009] [13:05 27/07/2009]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Eschalon Book I d------ [08:30 22/07/2011]
Eschalon Book I.lnk --a---- 652 bytes [08:30 22/07/2011] [08:30 22/07/2011]
Eschalon Player's Manual.lnk --a---- 692 bytes [08:30 22/07/2011] [08:30 22/07/2011]
Uninstall Eschalon Book I.lnk --a---- 617 bytes [08:30 22/07/2011] [08:30 22/07/2011]
Visit Basilisk Games on the Web.url --a---- 51 bytes [08:30 22/07/2011] [08:30 22/07/2011]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\FLV to AVI Video Converter d------ [19:57 16/06/2009]
FLV to AVI Video Converter on the Web.lnk --a---- 623 bytes [19:57 16/06/2009] [19:57 16/06/2009]
FLV to AVI Video Converter.lnk --a---- 787 bytes [19:57 16/06/2009] [19:57 16/06/2009]
iPod Video Converter on the Web.lnk --a---- 629 bytes [19:57 16/06/2009] [19:57 16/06/2009]
Uninstall FLV to AVI Video Converter.lnk --a---- 757 bytes [19:57 16/06/2009] [19:57 16/06/2009]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\FTL Faster Than Light d------ [11:13 27/09/2012]
FTL.lnk --a---- 570 bytes [11:13 27/09/2012] [11:13 27/09/2012]
Readme.lnk --a---- 592 bytes [11:13 27/09/2012] [11:13 27/09/2012]
Uninstall FTL.lnk --a---- 577 bytes [11:13 27/09/2012] [11:13 27/09/2012]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\GOG.com d------ [16:04 15/04/2011]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\GOG.com\Baldur's Gate d------ [18:39 01/05/2011]
Baldur's Gate.lnk --a---- 1404 bytes [18:39 01/05/2011] [10:32 08/05/2011]
Config.lnk --a---- 566 bytes [18:39 01/05/2011] [10:32 08/05/2011]
Uninstall Baldur's Gate.lnk --a---- 552 bytes [18:39 01/05/2011] [10:32 08/05/2011]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\GOG.com\Baldur's Gate\Documents d------ [18:39 01/05/2011]
Manual Addon.lnk --a---- 604 bytes [18:39 01/05/2011] [10:32 08/05/2011]
Manual.lnk --a---- 572 bytes [18:39 01/05/2011] [10:32 08/05/2011]
Map.lnk --a---- 553 bytes [18:39 01/05/2011] [10:32 08/05/2011]
Readme Addon.lnk --a---- 604 bytes [18:39 01/05/2011] [10:32 08/05/2011]
Readme.lnk --a---- 572 bytes [18:39 01/05/2011] [10:32 08/05/2011]
Support (online).url --a---- 133 bytes [18:39 01/05/2011] [10:32 08/05/2011]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\GOG.com\Gabriel Knight - Sins of the Fathers d------ [13:46 29/07/2011]
Gabriel Knight - Sins of the Fathers.lnk --a---- 1647 bytes [13:46 29/07/2011] [13:46 29/07/2011]
Graphic mode setup.lnk --a---- 1636 bytes [13:46 29/07/2011] [13:46 29/07/2011]
Uninstall Gabriel Knight - Sins of the Fathers.lnk --a---- 618 bytes [13:46 29/07/2011] [13:46 29/07/2011]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\GOG.com\Gabriel Knight - Sins of the Fathers\Documents d------ [13:46 29/07/2011]
Customer Support.lnk --a---- 714 bytes [13:46 29/07/2011] [13:46 29/07/2011]
Manual.lnk --a---- 662 bytes [13:46 29/07/2011] [13:46 29/07/2011]
Readme.lnk --a---- 662 bytes [13:46 29/07/2011] [13:46 29/07/2011]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\GOG.com\Outcast d------ [18:48 30/12/2011]
Outcast.lnk --a---- 1446 bytes [18:48 30/12/2011] [18:48 30/12/2011]
Uninstall Outcast.lnk --a---- 581 bytes [18:48 30/12/2011] [18:48 30/12/2011]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\GOG.com\Outcast\Documents d------ [18:48 30/12/2011]
Manual.lnk --a---- 611 bytes [18:48 30/12/2011] [18:48 30/12/2011]
Readme.lnk --a---- 611 bytes [18:48 30/12/2011] [18:48 30/12/2011]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\GOG.com\Planescape Torment d------ [17:19 20/05/2012]
Planescape Torment.lnk --a---- 1458 bytes [17:20 20/05/2012] [17:20 20/05/2012]
Uninstall Planescape Torment.lnk --a---- 581 bytes [17:19 20/05/2012] [17:19 20/05/2012]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\GOG.com\Planescape Torment\Documents d------ [17:19 20/05/2012]
Manual.lnk --a---- 611 bytes [17:19 20/05/2012] [17:19 20/05/2012]
Readme.lnk --a---- 611 bytes [17:19 20/05/2012] [17:19 20/05/2012]
Support (online).url --a---- 126 bytes [17:20 20/05/2012] [17:20 20/05/2012]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Google Talk d------ [09:01 14/04/2009]
Google Talk.lnk --a---- 894 bytes [09:01 14/04/2009] [09:01 14/04/2009]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Google Talk\Support d------ [09:01 14/04/2009]
Google Talk Diagnostic Mode.lnk --a---- 1004 bytes [09:01 14/04/2009] [09:01 14/04/2009]
Uninstall Google Talk.lnk --a---- 819 bytes [09:01 14/04/2009] [09:01 14/04/2009]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Hewlett-Packard d------ [17:38 13/04/2009]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Hewlett-Packard\HP PSC 2170 Series d------ [13:27 11/05/2009]
HP Director.lnk --a---- 785 bytes [13:27 11/05/2009] [13:27 11/05/2009]
HP valokuva- ja kuvankäsittelyohjelman Ohje.lnk --a---- 807 bytes [13:27 11/05/2009] [13:27 11/05/2009]
HP-albumitulostus.lnk --a---- 799 bytes [13:27 11/05/2009] [13:27 11/05/2009]
HP-n tuotetuen WWW-sivu.lnk --a---- 1053 bytes [13:27 11/05/2009] [13:27 11/05/2009]
Kuvaeditori.lnk --a---- 785 bytes [13:27 11/05/2009] [13:27 11/05/2009]
Lueminut.lnk --a---- 797 bytes [13:27 11/05/2009] [13:27 11/05/2009]
Poista ohjelmisto.lnk --a---- 1179 bytes [13:27 11/05/2009] [13:27 11/05/2009]
Tuote-esittely.lnk --a---- 1011 bytes [13:27 11/05/2009] [13:27 11/05/2009]
Tuotteen rekisteröiminen.lnk --a---- 775 bytes [13:27 11/05/2009] [13:27 11/05/2009]
Valokuvagalleria.lnk --a---- 785 bytes [13:27 11/05/2009] [13:27 11/05/2009]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Hewlett-Packard\Memories Disc d------ [17:38 13/04/2009]
Lisenssi.lnk --a---- 701 bytes [17:38 13/04/2009] [17:38 13/04/2009]
Muistolevy.lnk --a---- 687 bytes [17:38 13/04/2009] [17:38 13/04/2009]
Ohje.lnk --a---- 697 bytes [17:38 13/04/2009] [17:38 13/04/2009]
Readme-tiedosto.lnk --a---- 697 bytes [17:38 13/04/2009] [17:38 13/04/2009]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\IceChat7 d------ [11:25 02/07/2009]
IceChat.lnk --a---- 642 bytes [11:25 02/07/2009] [11:25 02/07/2009]
Uninstall IceChat.lnk --a---- 642 bytes [11:25 02/07/2009] [11:25 02/07/2009]
Visit Our Website for Updates - www.icechat.net.lnk --a---- 635 bytes [11:25 02/07/2009] [11:25 02/07/2009]
Visit the IceChat Forums.lnk --a---- 630 bytes [11:25 02/07/2009] [11:25 02/07/2009]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\id Software d------ [11:56 28/05/2012]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\id Software\Quake Live d------ [11:56 28/05/2012]
Quake Live Forums.url --a---- 130 bytes [13:56 14/02/2012] [13:56 14/02/2012]
Quake Live Home Page.url --a---- 124 bytes [13:56 14/02/2012] [13:56 14/02/2012]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\ips XP d------ [09:37 08/07/2009]
ips XP 1.11.2600.lnk --a---- 710 bytes [09:37 08/07/2009] [09:37 08/07/2009]
ips XP ReadMe.lnk --a---- 1468 bytes [09:37 08/07/2009] [09:37 08/07/2009]
Tenchi's Seiken Densetsu 3 page.lnk --a---- 1602 bytes [09:37 08/07/2009] [09:37 08/07/2009]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\iTunes d------ [17:51 30/09/2011]
iTunes.lnk --a---- 1554 bytes [17:51 30/09/2011] [17:51 30/09/2011]
Tietoja iTunesista.lnk --a---- 1814 bytes [17:51 30/09/2011] [17:51 30/09/2011]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys dr----- [23:10 12/04/2009]
desktop.ini --ahs-- 84 bytes [23:10 12/04/2009] [17:10 13/04/2009]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\LibUSB-Win32 d------ [14:12 31/12/2009]
GPL License.lnk --a---- 677 bytes [14:13 31/12/2009] [14:13 31/12/2009]
LGPL License.lnk --a---- 682 bytes [14:13 31/12/2009] [14:13 31/12/2009]
Test Program.lnk --a---- 752 bytes [14:12 31/12/2009] [14:12 31/12/2009]
Uninstall LibUsb-Win32.lnk --a---- 662 bytes [14:13 31/12/2009] [14:13 31/12/2009]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Logitech d------ [12:37 01/07/2010]
Logitech Gaming Software 8.35.lnk --a---- 787 bytes [15:11 09/10/2012] [15:11 09/10/2012]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Logitech\Hiiri ja näppäimistö d------ [12:37 01/07/2010]
Hiiren ja näppäimistön asetukset.lnk --a---- 1699 bytes [12:37 01/07/2010] [12:37 01/07/2010]
Tukikeskus.lnk --a---- 1693 bytes [12:37 01/07/2010] [12:37 01/07/2010]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Logitech\Unifying d------ [12:39 01/07/2010]
Logitechin Unifying-ohjelmisto.lnk --a---- 946 bytes [12:39 01/07/2010] [12:39 01/07/2010]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\LogMeIn Hamachi d------ [09:50 12/12/2012]
LogMeIn Hamachi.lnk --a---- 655 bytes [09:50 12/12/2012] [09:50 12/12/2012]
Uninstall.lnk --a---- 1479 bytes [09:50 12/12/2012] [09:50 12/12/2012]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Mario Forever 5.01 d------ [16:44 19/06/2011]
Mario Forever 5.01.lnk --a---- 735 bytes [16:45 19/06/2011] [16:45 19/06/2011]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Mario Forever 5.01\Game Database d------ [16:44 19/06/2011]
Girls Games.lnk --a---- 1674 bytes [16:44 19/06/2011] [16:44 19/06/2011]
Legend of Zelda Games.lnk --a---- 1722 bytes [16:44 19/06/2011] [16:44 19/06/2011]
Mario Forever Games.lnk --a---- 1688 bytes [16:44 19/06/2011] [16:44 19/06/2011]
Megaman Games.lnk --a---- 1662 bytes [16:44 19/06/2011] [16:44 19/06/2011]
Metal Gear Solid Games.lnk --a---- 1735 bytes [16:44 19/06/2011] [16:44 19/06/2011]
Metal Slug Games.lnk --a---- 1685 bytes [16:44 19/06/2011] [16:44 19/06/2011]
Naruto Games.lnk --a---- 1655 bytes [16:44 19/06/2011] [16:44 19/06/2011]
Scooby Doo Games.lnk --a---- 1685 bytes [16:44 19/06/2011] [16:44 19/06/2011]
Sonic Games.lnk --a---- 1674 bytes [16:44 19/06/2011] [16:44 19/06/2011]
Spongebob Games.lnk --a---- 1680 bytes [16:44 19/06/2011] [16:44 19/06/2011]
Super Mario Games.lnk --a---- 1678 bytes [16:44 19/06/2011] [16:44 19/06/2011]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Max Payne d------ [13:14 30/10/2010]
Max Payne.lnk --a---- 1475 bytes [13:17 30/10/2010] [13:17 30/10/2010]
Readme.lnk --a---- 1546 bytes [13:17 30/10/2010] [13:17 30/10/2010]
Uninstall Max Payne.lnk --a---- 1887 bytes [13:17 30/10/2010] [13:17 30/10/2010]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Max Payne\Web Links d------ [13:14 30/10/2010]
3D Realms.url --a---- 117 bytes [13:14 30/10/2010] [13:14 30/10/2010]
Max Payne Web Site.url --a---- 117 bytes [13:14 30/10/2010] [13:14 30/10/2010]
Remedy Entertainment.url --a---- 114 bytes [13:14 30/10/2010] [13:14 30/10/2010]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Microsoft Games for Windows - LIVE d------ [14:32 22/12/2009]
Games for Windows - LIVE.lnk --a---- 964 bytes [14:32 22/12/2009] [17:45 04/03/2011]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Microsoft Office d------ [13:36 30/04/2009]
Microsoft Office Access 2003.lnk --a---- 2000 bytes [13:36 30/04/2009] [13:36 30/04/2009]
Microsoft Office Excel 2003.lnk --a---- 2613 bytes [13:36 30/04/2009] [10:19 25/12/2009]
Microsoft Office InfoPath 2003.lnk --a---- 2002 bytes [13:36 30/04/2009] [13:36 30/04/2009]
Microsoft Office Outlook 2003.lnk --a---- 2080 bytes [13:36 30/04/2009] [13:36 30/04/2009]
Microsoft Office PowerPoint 2003.lnk --a---- 2040 bytes [13:36 30/04/2009] [13:36 30/04/2009]
Microsoft Office Publisher 2003.lnk --a---- 1990 bytes [13:36 30/04/2009] [13:36 30/04/2009]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Microsoft Office\Microsoft Office -työkalut d------ [13:36 30/04/2009]
Digitaalinen sertifikaatti VBA Projectsia varten.lnk --a---- 2058 bytes [13:36 30/04/2009] [13:36 30/04/2009]
Microsoft Clip Organizer.lnk --a---- 2014 bytes [13:36 30/04/2009] [13:36 30/04/2009]
Microsoft Office 2003 -kieliasetukset.lnk --a---- 1878 bytes [13:36 30/04/2009] [13:36 30/04/2009]
Microsoft Office Access Snapshot Viewer.lnk --a---- 2048 bytes [13:36 30/04/2009] [13:36 30/04/2009]
Microsoft Office Document Imaging.lnk --a---- 2192 bytes [13:36 30/04/2009] [13:36 30/04/2009]
Microsoft Office Document Scanning.lnk --a---- 2154 bytes [13:36 30/04/2009] [13:36 30/04/2009]
Microsoft Office Picture Manager.lnk --a---- 1964 bytes [13:36 30/04/2009] [13:36 30/04/2009]
Microsoft Officen sovellusten palauttaminen.lnk --a---- 1888 bytes [13:36 30/04/2009] [13:36 30/04/2009]
Ohjattu omien Microsoft Office 2003 -asetusten tallentaminen.lnk --a---- 1906 bytes [13:36 30/04/2009] [13:36 30/04/2009]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Midi Maker d------ [18:54 12/06/2009]
Help.lnk --a---- 1562 bytes [18:54 12/06/2009] [09:53 28/07/2009]
Midi Maker.lnk --a---- 1585 bytes [18:54 12/06/2009] [09:53 28/07/2009]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Mobile Music Polyphonic d------ [15:01 09/07/2009]
Mobile Music Polyphonic.lnk --a---- 919 bytes [15:01 09/07/2009] [15:01 09/07/2009]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\ModPlug d------ [17:12 30/04/2011]
About MODPlug.lnk --a---- 778 bytes [17:12 30/04/2011] [17:12 30/04/2011]
MODPlug Central.lnk --a---- 771 bytes [17:12 30/04/2011] [17:12 30/04/2011]
Player help.lnk --a---- 771 bytes [17:12 30/04/2011] [17:12 30/04/2011]
Player Readme.lnk --a---- 766 bytes [17:12 30/04/2011] [17:12 30/04/2011]
Player.lnk --a---- 771 bytes [17:12 30/04/2011] [17:12 30/04/2011]
Uninstall Player.lnk --a---- 714 bytes [17:12 30/04/2011] [17:12 30/04/2011]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Mumble d------ [22:52 30/12/2011]
Mumble (Backwards Compatible).lnk --a---- 1848 bytes [22:52 30/12/2011] [22:52 30/12/2011]
Mumble License.lnk --a---- 623 bytes [22:52 30/12/2011] [22:52 30/12/2011]
Mumble Readme.lnk --a---- 618 bytes [22:52 30/12/2011] [22:52 30/12/2011]
Mumble.lnk --a---- 668 bytes [22:52 30/12/2011] [22:52 30/12/2011]
Qt License.lnk --a---- 594 bytes [22:52 30/12/2011] [22:52 30/12/2011]
Speex License.lnk --a---- 611 bytes [22:52 30/12/2011] [22:52 30/12/2011]
Uninstall Mumble.lnk --a---- 513 bytes [22:52 30/12/2011] [22:52 30/12/2011]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\MyDefrag v4.3.1 d------ [14:05 07/03/2013]
Forum.lnk --a---- 1530 bytes [14:05 07/03/2013] [14:05 07/03/2013]
Manual.lnk --a---- 667 bytes [14:05 07/03/2013] [14:05 07/03/2013]
MyDefrag.lnk --a---- 745 bytes [14:05 07/03/2013] [14:05 07/03/2013]
Uninstall.lnk --a---- 1561 bytes [14:05 07/03/2013] [14:05 07/03/2013]
Website.lnk --a---- 1542 bytes [14:05 07/03/2013] [14:05 07/03/2013]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\NewFeature1 d------ [19:29 30/11/2012]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\NewFeature1\Riot Games d------ [19:29 30/11/2012]
Play League of Legends.lnk --a---- 621 bytes [19:29 30/11/2012] [19:29 30/11/2012]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Nokia d------ [19:23 21/05/2010]
Nokia Ovi Suite.lnk --a---- 1800 bytes [19:23 21/05/2010] [19:23 21/05/2010]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Nokia PC Suite d------ [13:13 14/03/2013]
Nokia PC Suite.lnk --a---- 1775 bytes [13:13 14/03/2013] [13:13 14/03/2013]
Poista tuotteen Nokia PC Suite asennus.lnk --a---- 2108 bytes [13:13 14/03/2013] [13:13 14/03/2013]
Tuotteen Nokia PC Suite käyttöohje.lnk --a---- 774 bytes [13:13 14/03/2013] [13:13 14/03/2013]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\OGG MP3 Converter d------ [11:41 30/11/2010]
Help.lnk --a---- 750 bytes [11:41 30/11/2010] [11:41 30/11/2010]
License Agreement.lnk --a---- 750 bytes [11:41 30/11/2010] [11:41 30/11/2010]
OGG MP3 Converter on the Web.url --a---- 49 bytes [11:41 30/11/2010] [11:41 30/11/2010]
OGG MP3 Converter.lnk --a---- 750 bytes [11:41 30/11/2010] [11:41 30/11/2010]
ReadMe.lnk --a---- 745 bytes [11:41 30/11/2010] [11:41 30/11/2010]
Uninstall OGG MP3 Converter.lnk --a---- 757 bytes [11:41 30/11/2010] [11:41 30/11/2010]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\OldGames.sk d------ [18:52 26/12/2009]
Pirates! Gold.lnk --a---- 1639 bytes [18:52 26/12/2009] [18:52 26/12/2009]
www.oldgames.sk.lnk --a---- 172 bytes [18:52 26/12/2009] [18:52 26/12/2009]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Pelit dr----- [17:07 13/04/2009]
desktop.ini --ahs-- 802 bytes [17:07 13/04/2009] [13:52 11/05/2009]
Hertta.lnk --a---- 1520 bytes [17:07 13/04/2009] [13:16 28/02/2013]
Internet Backgammon.lnk --a---- 913 bytes [17:07 13/04/2009] [13:52 11/05/2009]
Internet Hertta.lnk --a---- 913 bytes [17:07 13/04/2009] [13:52 11/05/2009]
Internet Patalupaus.lnk --a---- 913 bytes [17:07 13/04/2009] [13:52 11/05/2009]
Internet Reversi.lnk --a---- 913 bytes [17:07 13/04/2009] [13:52 11/05/2009]
Internet Tammi.lnk --a---- 913 bytes [17:07 13/04/2009] [13:52 11/05/2009]
Miinaharava.lnk --a---- 1515 bytes [17:07 13/04/2009] [13:16 28/02/2013]
Pasianssi.lnk --a---- 1491 bytes [17:07 13/04/2009] [13:16 28/02/2013]
Pinball.lnk --a---- 885 bytes [17:07 13/04/2009] [17:07 13/04/2009]
Spider-pasianssi.lnk --a---- 1502 bytes [17:07 13/04/2009] [13:16 28/02/2013]
Vapaakenttä.lnk --a---- 1522 bytes [17:07 13/04/2009] [13:16 28/02/2013]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\PHANTASY STAR ONLINE 2 キャラクタークリエイト体験版 d------ [14:43 14/10/2012]
PHANTASY STAR ONLINE 2 キャラクタークリエイト体験版.lnk --a---- 1055 bytes [14:43 14/10/2012] [14:43 14/10/2012]
アンインストール.lnk --a---- 814 bytes [14:43 14/10/2012] [14:43 14/10/2012]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Pirates Gold d------ [18:30 26/12/2009]
Pirates Gold on the Web.lnk --a---- 419 bytes [18:30 26/12/2009] [18:30 26/12/2009]
Pirates Gold.lnk --a---- 684 bytes [18:30 26/12/2009] [18:30 26/12/2009]
Uninstall Pirates Gold.lnk --a---- 602 bytes [18:30 26/12/2009] [18:30 26/12/2009]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\PoP1-Total Pack d------ [09:05 21/06/2009]
Run Total Pack.lnk --a---- 786 bytes [09:05 21/06/2009] [09:05 21/06/2009]
Uninstall - Step 1.lnk --a---- 692 bytes [09:05 21/06/2009] [09:05 21/06/2009]
Uninstall - Step 2.lnk --a---- 603 bytes [09:08 21/06/2009] [09:08 21/06/2009]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\QuickFreedom d------ [14:52 31/12/2009]
QuickFreedom.lnk --a---- 573 bytes [14:52 31/12/2009] [14:52 31/12/2009]
Uninstall QuickFreedom.lnk --a---- 553 bytes [14:52 31/12/2009] [14:52 31/12/2009]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\QuickTime d------ [17:47 30/09/2011]
PictureViewer.lnk --a---- 1812 bytes [17:47 30/09/2011] [17:47 30/09/2011]
Poista QuickTime.lnk --a---- 1639 bytes [17:47 30/09/2011] [17:47 30/09/2011]
QuickTime Player.lnk --a---- 1802 bytes [17:47 30/09/2011] [17:47 30/09/2011]
Tietoja QuickTimesta.lnk --a---- 1802 bytes [17:47 30/09/2011] [17:47 30/09/2011]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Realtek d------ [17:30 13/04/2009]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Realtek\REALTEK GbE & FE Ethernet PCI-E NIC Driver d------ [17:30 13/04/2009]
Uninstall.lnk --a---- 2044 bytes [17:30 13/04/2009] [17:30 13/04/2009]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\RPG Maker VX Ace d------ [21:59 09/01/2012]
RPG Maker VX Ace.lnk --a---- 674 bytes [21:59 09/01/2012] [21:59 09/01/2012]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Samsung CLX-3170 Series d------ [14:28 07/07/2010]
Samsung-tulostusratkaisu.url --a---- 187 bytes [14:28 07/07/2010] [14:28 07/07/2010]
Smart Panel.lnk --a---- 1706 bytes [14:28 07/07/2010] [14:28 07/07/2010]
Ylläpito.lnk --a---- 1926 bytes [14:28 07/07/2010] [14:28 07/07/2010]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\save2pc d------ [20:05 16/06/2009]
save2pc.lnk --a---- 707 bytes [20:05 16/06/2009] [20:05 16/06/2009]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Search-NewTaab d------ [17:26 21/03/2013]
Search-NewTaab.lnk --a---- 290 bytes [17:26 21/03/2013] [17:26 21/03/2013]
Uninstall.lnk --a---- 1175 bytes [17:26 21/03/2013] [17:26 21/03/2013]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Skype d------ [11:49 17/02/2013]
Skype.lnk --a---- 1692 bytes [11:49 17/02/2013] [11:49 17/02/2013]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\SlashEM d------ [08:16 04/08/2009]
Slash'EM Guidebook.lnk --a---- 580 bytes [08:16 04/08/2009] [10:50 11/02/2013]
Slash'EM Homepage.lnk --a---- 160 bytes [08:16 04/08/2009] [10:50 11/02/2013]
Slash'EM.lnk --a---- 630 bytes [08:16 04/08/2009] [10:50 11/02/2013]
Uninstall Slash'EM.lnk --a---- 575 bytes [08:16 04/08/2009] [10:50 11/02/2013]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\SmarThru 4 d------ [14:26 07/07/2010]
SmarThru 4 Image Editor.lnk --a---- 545 bytes [14:26 07/07/2010] [14:26 07/07/2010]
SmarThru 4.lnk --a---- 551 bytes [14:26 07/07/2010] [14:26 07/07/2010]
Uninstall SmarThru 4.lnk --a---- 2046 bytes [14:26 07/07/2010] [14:27 07/07/2010]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Solibo Ltd d------ [17:25 21/03/2013]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Solibo Ltd\NCdownloader d------ [17:25 21/03/2013]
NCdownloader.lnk --a---- 1775 bytes [17:25 21/03/2013] [17:25 21/03/2013]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Sony d------ [09:31 06/05/2009]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Sony\Vegas Pro 8.0 d------ [05:50 13/05/2010]
Vegas Pro 8.0 Network Render Service.lnk --a---- 1690 bytes [05:50 13/05/2010] [05:50 13/05/2010]
Vegas Pro 8.0 Readme.lnk --a---- 841 bytes [05:50 13/05/2010] [05:50 13/05/2010]
Vegas Pro 8.0.lnk --a---- 1663 bytes [05:50 13/05/2010] [05:50 13/05/2010]
Video Capture 6.0 Readme.lnk --a---- 876 bytes [05:50 13/05/2010] [05:50 13/05/2010]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Stardock d------ [14:58 22/07/2011]
Play Sins of a Solar Empire Diplomacy.lnk --a---- 836 bytes [14:58 22/07/2011] [14:58 22/07/2011]
Play Sins of a Solar Empire Entrenchment.lnk --a---- 851 bytes [14:58 22/07/2011] [14:58 22/07/2011]
Play Sins of a Solar Empire Trinity.lnk --a---- 786 bytes [14:58 22/07/2011] [14:58 22/07/2011]
Uninstall Sins of a Solar Empire Trinity.lnk --a---- 652 bytes [14:58 22/07/2011] [14:58 22/07/2011]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Steam d------ [16:55 19/03/2013]
Steam Support Center.lnk --a---- 1876 bytes [16:55 19/03/2013] [16:55 19/03/2013]
Steam.lnk --a---- 469 bytes [16:56 19/03/2013] [16:56 19/03/2013]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Steel Panthers World At War d------ [09:54 02/05/2010]
Check for Update .lnk --a---- 1675 bytes [09:54 02/05/2010] [14:08 28/08/2010]
Editor.lnk --a---- 1653 bytes [09:54 02/05/2010] [14:08 28/08/2010]
Icon Guide.lnk --a---- 1967 bytes [09:54 02/05/2010] [14:08 28/08/2010]
License Agreement.lnk --a---- 1695 bytes [09:54 02/05/2010] [14:08 28/08/2010]
Manual.lnk --a---- 1667 bytes [09:54 02/05/2010] [14:08 28/08/2010]
MapThing.lnk --a---- 1766 bytes [09:54 02/05/2010] [14:08 28/08/2010]
ModSwap.lnk --a---- 1630 bytes [09:54 02/05/2010] [14:08 28/08/2010]
OOB Changes.lnk --a---- 1702 bytes [09:54 02/05/2010] [14:08 28/08/2010]
OOB Dump.lnk --a---- 1739 bytes [09:54 02/05/2010] [14:08 28/08/2010]
OOB Editor v5.lnk --a---- 1751 bytes [17:41 27/08/2010] [14:10 26/06/2011]
Register Your Game.lnk --a---- 1685 bytes [09:54 02/05/2010] [14:08 28/08/2010]
Rockin Harry New Shapes.lnk --a---- 2167 bytes [09:54 02/05/2010] [14:08 28/08/2010]
SHP Editor Help.lnk --a---- 1755 bytes [09:54 02/05/2010] [14:08 28/08/2010]
SHP Editor.lnk --a---- 1730 bytes [09:54 02/05/2010] [14:08 28/08/2010]
Sound Map.lnk --a---- 1681 bytes [09:54 02/05/2010] [14:08 28/08/2010]
SPWaWSpecial Scenario Designer Units.lnk --a---- 1961 bytes [09:54 02/05/2010] [14:08 28/08/2010]
Steel Panthers World At War General Edition Game Menu.lnk --a---- 1634 bytes [09:54 02/05/2010] [14:08 28/08/2010]
Steel Panthers World At War Quick Start .lnk --a---- 1609 bytes [09:54 02/05/2010] [14:08 28/08/2010]
Steel Panthers World At War Standard Start.lnk --a---- 1614 bytes [09:54 02/05/2010] [14:08 28/08/2010]
TO&E .lnk --a---- 1639 bytes [09:54 02/05/2010] [14:08 28/08/2010]
Uninstall Steel Panthers World At War.lnk --a---- 1446 bytes [09:54 02/05/2010] [14:08 28/08/2010]
Wild Bill's Dedication.lnk --a---- 1647 bytes [09:54 02/05/2010] [14:08 28/08/2010]
World At War Game Editor.lnk --a---- 1730 bytes [09:54 02/05/2010] [14:08 28/08/2010]
World At War Map Editor.lnk --a---- 1739 bytes [09:54 02/05/2010] [14:08 28/08/2010]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\SUPERAntiSpyware d------ [07:59 14/04/2009]
BootSafe.lnk --a---- 770 bytes [07:59 14/04/2009] [07:59 14/04/2009]
SUPERAntiSpyware Alternate Start.lnk --a---- 806 bytes [07:59 14/04/2009] [07:59 14/04/2009]
SUPERAntiSpyware Free Edition.lnk --a---- 1736 bytes [07:59 14/04/2009] [07:59 14/04/2009]
SUPERAntiSpyware Help.lnk --a---- 836 bytes [07:59 14/04/2009] [07:59 14/04/2009]
SUPERAntiSpyware Repair.lnk --a---- 1882 bytes [07:59 14/04/2009] [07:59 14/04/2009]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Telltale Games d------ [09:32 24/07/2009]
Telltale Games Support.url --a---- 63 bytes [09:32 24/07/2009] [09:32 24/07/2009]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Telltale Games\Tales of Monkey Island d------ [09:32 24/07/2009]
Launch of the Screaming Narwhal.lnk --a---- 1027 bytes [09:32 24/07/2009] [09:32 24/07/2009]
Tales of Monkey Island Website.url --a---- 68 bytes [09:32 24/07/2009] [09:32 24/07/2009]
Telltale Games.url --a---- 55 bytes [09:32 24/07/2009] [09:32 24/07/2009]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Telltale Games\Tales of Monkey Island\Uninstall d------ [09:32 24/07/2009]
Uninstall - Launch of the Screaming Narwhal.lnk --a---- 877 bytes [09:32 24/07/2009] [09:32 24/07/2009]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\The Spirit Engine 2 d------ [19:32 30/09/2012]
Game Manual.lnk --a---- 692 bytes [19:33 30/09/2012] [19:33 30/09/2012]
The Spirit Engine 2.lnk --a---- 752 bytes [19:33 30/09/2012] [19:33 30/09/2012]
Uninstall.lnk --a---- 1645 bytes [19:33 30/09/2012] [19:33 30/09/2012]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Total Audio MP3 Converter d------ [11:04 30/09/2011]
Help.lnk --a---- 827 bytes [11:04 30/09/2011] [11:04 30/09/2011]
License Agreement.lnk --a---- 820 bytes [11:04 30/09/2011] [11:04 30/09/2011]
ReadMe.lnk --a---- 815 bytes [11:04 30/09/2011] [11:04 30/09/2011]
Total Audio MP3 Converter on the Web.url --a---- 75 bytes [11:04 30/09/2011] [11:04 30/09/2011]
Total Audio MP3 Converter.lnk --a---- 827 bytes [11:04 30/09/2011] [11:04 30/09/2011]
Uninstall Total Audio MP3 Converter.lnk --a---- 827 bytes [11:04 30/09/2011] [11:04 30/09/2011]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Total WAV Converter d------ [17:40 25/04/2009]
WAVConverter.lnk --a---- 707 bytes [17:40 25/04/2009] [17:40 25/04/2009]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Ubisoft d------ [19:42 10/09/2010]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Ubisoft\Prince of Persia d------ [11:34 06/05/2012]
Game Manual.lnk --a---- 1673 bytes [11:34 06/05/2012] [11:34 06/05/2012]
Homepage.lnk --a---- 1038 bytes [11:34 06/05/2012] [11:34 06/05/2012]
Prince of Persia.lnk --a---- 1673 bytes [11:34 06/05/2012] [11:34 06/05/2012]
ReadMe.txt.lnk --a---- 1631 bytes [11:34 06/05/2012] [11:34 06/05/2012]
Registration.lnk --a---- 1220 bytes [11:34 06/05/2012] [11:34 06/05/2012]
Technical Help.lnk --a---- 1028 bytes [11:34 06/05/2012] [11:34 06/05/2012]
Uninstall.lnk --a---- 2106 bytes [11:34 06/05/2012] [11:34 06/05/2012]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Ubisoft\Prince of Persia The Sands of Time d------ [11:16 08/08/2012]
Play Prince of Persia The Sands of Time.lnk --a---- 1713 bytes [11:16 08/08/2012] [11:16 08/08/2012]
Register Online.lnk --a---- 1549 bytes [11:16 08/08/2012] [11:16 08/08/2012]
Thrustmaster Gamepad Quick Install.lnk --a---- 1792 bytes [11:16 08/08/2012] [11:16 08/08/2012]
Thrustmaster Gamepad Warranty.lnk --a---- 1799 bytes [11:16 08/08/2012] [11:16 08/08/2012]
Uninstall Prince of Persia The Sands of Time.lnk --a---- 1831 bytes [11:16 08/08/2012] [11:16 08/08/2012]
View Lastest information (Readme.txt).lnk --a---- 1692 bytes [11:16 08/08/2012] [11:16 08/08/2012]
View Manual (Adobe Acrobat Reader required).lnk --a---- 1521 bytes [11:16 08/08/2012] [11:16 08/08/2012]
Visit Prince of Persia The Sands of Time.url --a---- 57 bytes [11:16 08/08/2012] [11:23 08/08/2012]
Visit UBISOFT.url --a---- 48 bytes [11:16 08/08/2012] [11:23 08/08/2012]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Valvontatyökalut dr----- [17:07 13/04/2009]
desktop.ini --ahs-- 486 bytes [17:07 13/04/2009] [17:10 13/04/2009]
Komponenttipalvelut.lnk --a---- 1582 bytes [17:07 13/04/2009] [17:07 13/04/2009]
Palvelut.lnk --a---- 1602 bytes [17:10 13/04/2009] [13:19 28/02/2013]
Suorituskyky.lnk --a---- 1591 bytes [17:10 13/04/2009] [13:19 28/02/2013]
Tapahtumienvalvonta.lnk --a---- 1592 bytes [17:10 13/04/2009] [13:19 28/02/2013]
Tietokoneen hallinta.lnk --a---- 1602 bytes [17:10 13/04/2009] [13:19 28/02/2013]
Tietolähteet (ODBC).lnk --a---- 1596 bytes [17:10 13/04/2009] [13:19 28/02/2013]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\VideoLAN d------ [16:59 16/06/2009]
Documentation.lnk --a---- 787 bytes [16:59 16/06/2009] [16:59 16/06/2009]
Release Notes.lnk --a---- 738 bytes [16:59 16/06/2009] [16:59 16/06/2009]
VideoLAN Website.lnk --a---- 802 bytes [16:59 16/06/2009] [16:59 16/06/2009]
VLC media player.lnk --a---- 731 bytes [16:59 16/06/2009] [16:59 16/06/2009]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\VideoLAN\Quick Settings d------ [16:59 16/06/2009]
Reset VLC media player preferences and cache files.lnk --a---- 833 bytes [16:59 16/06/2009] [16:59 16/06/2009]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\VideoLAN\Quick Settings\Audio d------ [16:59 16/06/2009]
Set Audio mode to DirectX (default).lnk --a---- 833 bytes [16:59 16/06/2009] [16:59 16/06/2009]
Set Audio mode to Waveout.lnk --a---- 823 bytes [16:59 16/06/2009] [16:59 16/06/2009]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\VideoLAN\Quick Settings\Interface d------ [16:59 16/06/2009]
Set Main Interface to Qt (default).lnk --a---- 805 bytes [16:59 16/06/2009] [16:59 16/06/2009]
Set Main Interface to Skinnable.lnk --a---- 811 bytes [16:59 16/06/2009] [16:59 16/06/2009]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\VideoLAN\Quick Settings\Video d------ [16:59 16/06/2009]
Set Video mode to Direct3D (no hardware acceleration).lnk --a---- 885 bytes [16:59 16/06/2009] [16:59 16/06/2009]
Set Video mode to Direct3D.lnk --a---- 879 bytes [16:59 16/06/2009] [16:59 16/06/2009]
Set Video mode to DirectX (no hardware acceleration).lnk --a---- 889 bytes [16:59 16/06/2009] [16:59 16/06/2009]
Set Video mode to DirectX (no video overlay).lnk --a---- 883 bytes [16:59 16/06/2009] [16:59 16/06/2009]
Set Video mode to DirectX.lnk --a---- 877 bytes [16:59 16/06/2009] [16:59 16/06/2009]
Set Video mode to OpenGL.lnk --a---- 841 bytes [16:59 16/06/2009] [16:59 16/06/2009]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Virtual Audio Cable d------ [17:57 21/06/2011]
Audio Repeater (KS).lnk --a---- 775 bytes [17:57 21/06/2011] [13:28 20/08/2011]
Audio Repeater (MME).lnk --a---- 762 bytes [17:57 21/06/2011] [13:28 20/08/2011]
Control panel.lnk --a---- 723 bytes [17:57 21/06/2011] [13:28 20/08/2011]
Homepage.lnk --a---- 713 bytes [17:57 21/06/2011] [13:28 20/08/2011]
Readme.lnk --a---- 697 bytes [17:57 21/06/2011] [13:28 20/08/2011]
Uninstall Virtual Audio Cable.lnk --a---- 722 bytes [17:57 21/06/2011] [13:28 20/08/2011]
User manual.lnk --a---- 688 bytes [17:57 21/06/2011] [13:28 20/08/2011]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\WAV MP3 Converter d------ [12:28 28/03/2010]
Help.lnk --a---- 818 bytes [12:28 28/03/2010] [11:01 30/09/2011]
License Agreement.lnk --a---- 806 bytes [12:28 28/03/2010] [11:01 30/09/2011]
ReadMe.lnk --a---- 801 bytes [12:28 28/03/2010] [11:01 30/09/2011]
Uninstall WAV MP3 Converter.lnk --a---- 813 bytes [12:28 28/03/2010] [11:01 30/09/2011]
WAV MP3 Converter on the Web.url --a---- 49 bytes [12:28 28/03/2010] [11:01 30/09/2011]
WAV MP3 Converter.lnk --a---- 818 bytes [12:28 28/03/2010] [11:01 30/09/2011]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Westwood d------ [13:29 26/06/2010]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Westwood\Command & Conquer 95 d------ [16:48 20/11/2011]
Command & Conquer Funpark missions.lnk --a---- 562 bytes [16:48 20/11/2011] [16:48 20/11/2011]
Command & Conquer Setup.lnk --a---- 562 bytes [16:48 20/11/2011] [16:48 20/11/2011]
Command & Conquer Windows 95 Edition.lnk --a---- 550 bytes [16:48 20/11/2011] [16:48 20/11/2011]
Uninstall C&C95.lnk --a---- 569 bytes [16:48 20/11/2011] [16:48 20/11/2011]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Westwood\Red Alert 2 d------ [13:29 26/06/2010]
Red Alert 2 Auto Update.lnk --a---- 1456 bytes [13:29 26/06/2010] [15:56 15/02/2012]
Red Alert 2 ReadMe.lnk --a---- 1445 bytes [13:29 26/06/2010] [15:56 15/02/2012]
Red Alert 2 Uninstall.lnk --a---- 1469 bytes [13:29 26/06/2010] [15:56 15/02/2012]
Red Alert 2.lnk --a---- 1408 bytes [13:29 26/06/2010] [15:56 15/02/2012]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Westwood\Shared Internet Components d------ [13:56 26/06/2010]
Internet Registration.lnk --a---- 1551 bytes [13:56 26/06/2010] [15:56 15/02/2012]
Uninstall Registration.lnk --a---- 1553 bytes [13:56 26/06/2010] [15:56 15/02/2012]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Windows Live d------ [16:09 07/11/2009]
Windows Live Call.lnk --a---- 1690 bytes [16:09 07/11/2009] [08:12 12/12/2010]
Windows Live Messenger .lnk --a---- 1887 bytes [08:12 12/12/2010] [08:12 12/12/2010]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Wings 2 d------ [13:36 20/04/2009]
Manual.lnk --a---- 637 bytes [13:36 20/04/2009] [13:36 20/04/2009]
Uninstall Wings 2.lnk --a---- 577 bytes [13:36 20/04/2009] [13:36 20/04/2009]
Wings 2.lnk --a---- 1520 bytes [13:36 20/04/2009] [13:36 20/04/2009]
www.wings2.net.lnk --a---- 677 bytes [13:36 20/04/2009] [13:36 20/04/2009]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\WinRAR d------ [10:50 14/04/2009]
Console RAR manual.lnk --a---- 685 bytes [10:50 14/04/2009] [10:50 14/04/2009]
WinRAR help.lnk --a---- 704 bytes [10:50 14/04/2009] [10:50 14/04/2009]
WinRAR.lnk --a---- 704 bytes [10:50 14/04/2009] [10:50 14/04/2009]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\WinSCP d------ [15:05 15/01/2010]
Dokumentointi.url --a---- 53 bytes [15:05 15/01/2010] [15:05 15/01/2010]
Tukifoorumi.url --a---- 50 bytes [15:05 15/01/2010] [15:05 15/01/2010]
WinSCP Web-sivusto.url --a---- 44 bytes [15:05 15/01/2010] [15:05 15/01/2010]
WinSCP.lnk --a---- 1542 bytes [15:05 15/01/2010] [15:05 15/01/2010]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\WinSCP\Avaintyökalut d------ [15:05 15/01/2010]
Pageant ohjeet.lnk --a---- 557 bytes [15:05 15/01/2010] [15:05 15/01/2010]
Pageant.lnk --a---- 701 bytes [15:05 15/01/2010] [15:05 15/01/2010]
PuTTY Web-sivu.url --a---- 76 bytes [15:05 15/01/2010] [15:05 15/01/2010]
PuTTYgen ohjeet.lnk --a---- 559 bytes [15:05 15/01/2010] [15:05 15/01/2010]
PuTTYgen.lnk --a---- 708 bytes [15:05 15/01/2010] [15:05 15/01/2010]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\XChat d------ [15:56 01/06/2009]
FAQ.lnk --a---- 1497 bytes [15:56 01/06/2009] [15:56 01/06/2009]
Plugin Docs.lnk --a---- 1536 bytes [15:56 01/06/2009] [15:56 01/06/2009]
ReadMe.lnk --a---- 1522 bytes [15:56 01/06/2009] [15:56 01/06/2009]
Uninstall.lnk --a---- 1361 bytes [15:56 01/06/2009] [15:56 01/06/2009]
XChat.lnk --a---- 1504 bytes [15:56 01/06/2009] [15:56 01/06/2009]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Xvid d------ [20:05 16/06/2009]
Configure Decoder.lnk --a---- 1389 bytes [20:05 16/06/2009] [20:05 16/06/2009]
Configure Encoder.lnk --a---- 1399 bytes [20:05 16/06/2009] [20:05 16/06/2009]
INet-Doom9's Xvid Forum.lnk --a---- 684 bytes [20:05 16/06/2009] [20:05 16/06/2009]
INet-Koepi's Homepage (Updates).lnk --a---- 758 bytes [20:05 16/06/2009] [20:05 16/06/2009]
INet-Xvid Homepage.lnk --a---- 688 bytes [20:05 16/06/2009] [20:05 16/06/2009]
Koepi's OGMCalc.lnk --a---- 717 bytes [20:05 16/06/2009] [20:05 16/06/2009]
Nic's FourCC changer.lnk --a---- 668 bytes [20:05 16/06/2009] [20:05 16/06/2009]
Nic's MiniCalc.lnk --a---- 672 bytes [20:05 16/06/2009] [20:05 16/06/2009]
Release Notes.lnk --a---- 726 bytes [20:05 16/06/2009] [20:05 16/06/2009]
Some quantization matrices.lnk --a---- 749 bytes [20:05 16/06/2009] [20:05 16/06/2009]
StatsReader 2.1.lnk --a---- 705 bytes [20:05 16/06/2009] [20:05 16/06/2009]
StatsReader Notes.lnk --a---- 703 bytes [20:05 16/06/2009] [20:05 16/06/2009]
Uninstall Xvid.lnk --a---- 1522 bytes [20:05 16/06/2009] [20:05 16/06/2009]
Vidc.Cleaner.lnk --a---- 1623 bytes [20:05 16/06/2009] [20:05 16/06/2009]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Ys the oath in felghana d------ [14:04 06/06/2012]
YS.lnk --a---- 738 bytes [14:04 06/06/2012] [14:04 06/06/2012]
Ńźą÷ąņü åłå čćš.lnk --a---- 1646 bytes [14:04 06/06/2012] [14:04 06/06/2012]
Óäąėčņü Čćšó.lnk --a---- 723 bytes [14:04 06/06/2012] [14:04 06/06/2012]

c:\documents and settings\All Users\Käynnistä-valikko\Programs d------ [10:06 16/01/2010]

c:\documents and settings\All Users\Käynnistä-valikko\Programs\Accessories d------ [10:06 16/01/2010]

c:\documents and settings\All Users\Käynnistä-valikko\Programs\Accessories\Media Center d------ [10:06 16/01/2010]

c:\documents and settings\All Users\Käynnistä-valikko\Programs\Accessories\Media Center\Media Center Programs d------ [10:06 16/01/2010]

-= EOF =-
__________________
Veke is offline  
Old 03-27-2013, 09:49 AM   #10
Security Team
Analyst
 
jeffce's Avatar

Microsoft Most Valuable Professional
 
Join Date: Feb 2011
Location: USA
Posts: 2,322
OS: Vista and Ubuntu



Sorry for any delay....I have been quite busy today, but how is your system running?
__________________



Microsoft MVP - Consumer Security 2014
Topics are closed if you do not respond within 3 days.
If I am working with you and have not responded in a couple of days please PM me.
jeffce is offline  
Old 03-27-2013, 09:58 AM   #11
Registered Member
 
Join Date: Sep 2008
Posts: 26
OS: Windows XP Service Pack 3



Not better than before, unfortunately. Windows takes more than 15 minutes to start up and programs also take longer to start. Programs, games, most noticeably, suffer from considerable lag while running. There are occasional stutters in the sound. What comes to noticeable malware, aside from the new tab search hijack that's been around since I posted this, there are now many more ads in Firefox than just that, some of them "by Browse 2 Save" as it reads next to them.
__________________
Veke is offline  
Old 03-27-2013, 11:29 AM   #12
Security Team
Analyst
 
jeffce's Avatar

Microsoft Most Valuable Professional
 
Join Date: Feb 2011
Location: USA
Posts: 2,322
OS: Vista and Ubuntu



Ok thanks for letting me know. :)
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
    Quote:

    ClearJavaCache::

    DDS::
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com

    Firefox::
    FF - ProfilePath - c:\documents and settings\Yleinen\Application Data\Mozilla\Firefox\Profiles\1w3a7a95.default\
    FF - ExtSQL: 2013-03-21 19:59; bautpfp@wwa-cxgq.com; c:\documents and settings\Yleinen\Application Data\Mozilla\Firefox\Profiles\1w3a7a95.default\extensions\bautpfp@wwa-cxgq.com
    FF - ExtSQL: 2013-03-21 19:59; axjxauiu@uoofaau-.org; c:\documents and settings\Yleinen\Application Data\Mozilla\Firefox\Profiles\1w3a7a95.default\extensions\axjxauiu@uoofaau-.org

    File::
    c:\windows\winstart.bat
    c:\docume~1\Yleinen\LOCALS~1\Temp\bDMusicb.sys

    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "57032:TCP"=-
    "57032:UDP"=-
    "56921:TCP"=-
    "56921:UDP"=-

    Driver::
    bDMusicb
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------

Post the new ComboFix log and let me know how your system is running now.
__________________



Microsoft MVP - Consumer Security 2014
Topics are closed if you do not respond within 3 days.
If I am working with you and have not responded in a couple of days please PM me.
jeffce is offline  
Old 03-27-2013, 01:05 PM   #13
Registered Member
 
Join Date: Sep 2008
Posts: 26
OS: Windows XP Service Pack 3



All of the symptoms I described in the previous post seem to be still present. Even that adware, it seems to be persistent. Here is the log in any case.

ComboFix 13-03-27.01 - Yleinen 27.03.2013 20:55:21.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.358.1035.18.3263.2227 [GMT 2:00]
Sijainti: c:\documents and settings\Yleinen\Työpöytä\ComboFix.exe
Käytetyt komentorivivalitsimet :: c:\documents and settings\Yleinen\Työpöytä\CFScript.txt
AV: AVG Internet Security 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: AVG Internet Security 2013 *Disabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
FILE ::
"c:\docume~1\Yleinen\LOCALS~1\Temp\bDMusicb.sys"
"c:\windows\winstart.bat"
.
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Yleinen\Application Data\mIRC\logs\status.log
c:\windows\iun6002.exe
c:\windows\pi.exe
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
c:\windows\system32\dllcache\wmpvis.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ajurit/Palvelut )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BDMUSICB
-------\Service_bDMusicb
.
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2013-02-27 to 2013-03-27 )))))))))))))))))
.
.
2013-03-24 21:04 . 2013-03-24 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2013-03-24 21:01 . 2013-03-24 21:01 -------- d-----w- c:\documents and settings\UpdatusUser
2013-03-24 13:30 . 2010-04-06 16:04 19523104 ----a-w- c:\windows\RTHDCPL.EXE
2013-03-24 13:30 . 2010-04-06 16:04 2815520 ----a-w- c:\windows\ALCWZRD.EXE
2013-03-24 11:08 . 2010-04-06 16:04 358944 ----a-w- c:\windows\vncutil.exe
2013-03-24 11:07 . 2010-04-06 16:04 129568 ----a-w- c:\windows\RtkAudioService.exe
2013-03-24 11:07 . 2009-11-18 05:17 1395800 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2013-03-24 11:07 . 2009-11-18 05:16 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2013-03-23 21:44 . 2013-03-23 21:46 -------- d-----w- c:\program files\CCleaner
2013-03-23 21:38 . 2013-03-23 21:38 -------- d-----w- c:\program files\uTorrent
2013-03-23 13:49 . 2013-03-23 13:49 -------- d-----w- c:\documents and settings\Järjestelmänvalvoja
2013-03-23 13:37 . 2013-03-23 15:30 -------- d-----w- c:\documents and settings\All Users\Application Data\RegRun
2013-03-23 13:36 . 2013-03-23 13:36 2 --shatr- c:\windows\winstart.bat
2013-03-23 13:35 . 2013-03-23 15:30 -------- d-----w- c:\program files\UnHackMe
2013-03-21 17:25 . 2013-03-21 17:25 -------- d-----w- c:\windows\system32\AMD64
2013-03-19 18:26 . 2013-03-19 18:26 -------- d-----w- C:\Fraps
2013-03-19 16:56 . 2013-03-19 16:56 -------- d-----w- c:\documents and settings\All Users\Kynnist-valikko
2013-03-19 16:55 . 2013-03-19 16:55 -------- d-----w- c:\program files\Common Files\Steam
2013-03-15 16:00 . 2013-03-15 16:00 -------- d-----w- c:\program files\AGEIA Technologies
2013-03-15 15:48 . 2013-02-10 03:20 10707360 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2013-03-14 13:13 . 2013-03-14 13:13 -------- d-----w- c:\program files\Common Files\PCSuite
2013-03-14 13:11 . 2012-06-11 09:33 19072 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2013-03-14 13:11 . 2013-03-14 13:11 -------- d-----w- c:\program files\PC Connectivity Solution
2013-03-14 13:10 . 2012-01-09 15:28 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2013-03-14 13:10 . 2012-01-09 15:28 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2013-03-14 13:10 . 2012-01-09 15:28 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2013-03-14 13:10 . 2012-01-09 15:28 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2013-03-14 13:10 . 2012-01-09 15:28 123904 ----a-w- c:\windows\system32\ccdcmbwu.dll
2013-03-14 13:05 . 2013-03-14 13:27 -------- d-sh--w- c:\documents and settings\Yleinen\Phone Browser
2013-03-13 17:27 . 2013-03-13 17:27 263186 ----a-w- c:\documents and settings\Yleinen\Application Data\Microsoft\Internet Explorer\Quick Launch\Minecraft.exe
2013-03-07 14:05 . 2013-03-24 16:23 -------- d-----w- c:\program files\MyDefrag v4.3.1
2013-02-28 14:02 . 2013-02-28 14:02 -------- d-----w- c:\documents and settings\LocalService\Työpöytä
2013-02-28 13:25 . 2013-02-28 13:25 -------- d-----w- c:\documents and settings\Yleinen\Application Data\AVG
2013-02-28 13:25 . 2013-02-28 13:26 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG
2013-02-28 13:23 . 2013-02-28 13:23 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-18 18:05 . 2013-01-19 10:17 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-03-18 14:13 . 2012-04-04 08:30 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-18 14:13 . 2011-05-15 06:37 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-08 20:44 . 2013-03-08 20:44 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-08 20:43 . 2009-04-20 13:44 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-08 20:43 . 2012-05-23 20:47 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-08 20:43 . 2010-05-28 11:22 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-03 10:00 . 2009-04-14 12:12 1734 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2013-02-10 03:20 . 2013-03-24 20:41 6070272 ----a-w- c:\windows\system32\nvopencl.dll
2013-02-10 03:20 . 2013-03-24 20:41 19685376 ----a-w- c:\windows\system32\nvoglnt.dll
2013-02-10 03:20 . 2013-03-24 20:41 892704 ----a-w- c:\windows\system32\nvdispgenco3220162.dll
2013-02-10 03:20 . 2013-03-24 20:41 1012512 ----a-w- c:\windows\system32\nvdispco3220294.dll
2013-02-10 03:20 . 2013-03-24 20:40 2731296 ----a-w- c:\windows\system32\nvcuvid.dll
2013-02-10 03:20 . 2013-03-24 20:40 1990944 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-02-10 03:20 . 2013-03-24 20:40 7749632 ----a-w- c:\windows\system32\nvcuda.dll
2013-02-10 03:20 . 2013-03-24 20:40 2481664 ----a-w- c:\windows\system32\nvapi.dll
2013-02-10 03:20 . 2013-03-24 20:40 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
2013-02-10 03:20 . 2013-03-15 15:58 65536 ----a-w- c:\windows\system32\OpenCL.dll
2013-02-10 03:20 . 2008-08-02 04:20 4078976 ----a-w- c:\windows\system32\nv4_disp.dll
2013-02-10 00:27 . 2013-03-24 20:56 54272 ----a-w- c:\windows\system32\nvwddi.dll
2013-02-10 00:27 . 2013-03-24 20:56 156960 ----a-w- c:\windows\system32\nvsvc32.exe
2013-02-10 00:27 . 2013-03-24 20:56 223008 ----a-w- c:\windows\system32\nvmctray.dll
2013-02-10 00:27 . 2013-03-24 20:56 15664416 ----a-w- c:\windows\system32\nvcpl.dll
2013-02-10 00:27 . 2013-03-24 20:56 144160 ----a-w- c:\windows\system32\nvcolor.exe
2009-04-10 19:49 . 2009-04-14 08:48 272176 ----a-w- c:\program files\utorrent.exe
2013-03-08 10:42 . 2013-03-08 10:41 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-01-20 4763008]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\axcmd.exe" [2009-04-24 203416]
"WindowsLivePhone"="c:\program files\Windows Live\Device Manager\msgrdvmn.exe" [2008-12-22 787816]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2012-11-30 3093624]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-06-26 1516632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"CAPON"="c:\windows\system32\Spool\Drivers\w32x86\3\CAPONN.EXE" [2001-02-15 22528]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-10-13 606208]
"3170 Scan2PC"="c:\windows\Twain_32\Samsung\CLX3170\Scan2pc.exe" [2009-06-11 503808]
"WindowsLivePhone"="c:\program files\Windows Live\Device Manager\msgrdvmn.exe" [2008-12-22 787816]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-07-24 5115192]
"LogMeIn Hamachi Ui"="c:\program files\Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"RTHDCPL"="RTHDCPL.EXE" [2010-04-06 19523104]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-02-10 15664416]
"NvMediaCenter"="NvMCTray.dll" [2013-02-10 223008]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-02-10 1982312]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-04 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 09:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Canon LBP-810 tilaikkuna.LNK]
path=c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Canon LBP-810 tilaikkuna.LNK
backup=c:\windows\pss\Canon LBP-810 tilaikkuna.LNKCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^hp psc 2000 Series.lnk]
path=c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\hp psc 2000 Series.lnk
backup=c:\windows\pss\hp psc 2000 Series.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^NCdownloader.lnk]
path=c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\NCdownloader.lnk
backup=c:\windows\pss\NCdownloader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Yleinen^Käynnistä-valikko^Ohjelmat^Käynnistys^CurseClientStartup.ccip]
path=c:\documents and settings\Yleinen\Käynnistä-valikko\Ohjelmat\Käynnistys\CurseClientStartup.ccip
backup=c:\windows\pss\CurseClientStartup.ccipStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cFosSpeed]
2012-05-07 11:15 1271168 ----a-r- c:\program files\cFosSpeed\cfosspeed.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-08-18 22:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LCore]
2012-07-24 00:34 5115192 ----a-w- c:\program files\Logitech Gaming Software\LCore.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-12-10 15:29 2254768 ----a-w- c:\program files\Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2010-02-24 18:17 385928 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2012-06-26 11:10 1516632 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 15:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-01-08 10:59 18705664 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2013-03-15 15:29 1632680 ----a-w- i:\steami\steam.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\utorrent.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\ScanMgr.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\CLX3170\\Scan2Pc.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\CLX3170\\Sscan2io.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
"i:\\steami\\Steam.exe"=
"i:\\steami\\SteamApps\\common\\FTL Faster Than Light\\FTLGame.exe"=
"i:\\steami\\SteamApps\\common\\Frozen Synapse\\FrozenSynapse.exe"=
"i:\\steami\\SteamApps\\common\\Command and Conquer 3 - Kane's Wrath\\CNC3EP1.exe"=
"i:\\steami\\SteamApps\\common\\Command and Conquer 3 - Kane's Wrath\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"i:\\steami\\SteamApps\\common\\Borderlands 2\\Binaries\\Win32\\Launcher.exe"=
"i:\\steami\\SteamApps\\common\\Sonic CD\\soniccd.exe"=
"i:\\steami\\SteamApps\\common\\Sonic CD\\setup.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"i:\\steami\\SteamApps\\common\\The Witcher Enhanced Edition\\System\\witcher.exe"=
"i:\\steami\\SteamApps\\common\\The Witcher Enhanced Edition\\System\\djinni!.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [15.10.2012 3:48 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [21.9.2012 3:46 177376]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [14.9.2012 3:05 35552]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.11.2009 17:45 691696]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [22.10.2012 13:02 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [21.9.2012 3:45 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2.10.2012 3:30 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [21.9.2012 3:46 164832]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [19.1.2013 12:17 33112]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [23.3.2009 13:07 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23.3.2009 13:07 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2.7.2010 9:19 116608]
R2 avgfws;AVG Firewall;c:\program files\AVG\AVG2013\avgfws.exe [10.12.2012 11:11 1342024]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [15.11.2012 23:34 5814904]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [22.10.2012 13:05 196664]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\Hamachi\hamachi-2.exe [10.12.2012 17:29 1435568]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [1.7.2010 14:38 10384]
R2 RapidPort;RapidPort;c:\windows\system32\drivers\CAPLPTN.SYS [11.5.2009 15:50 22912]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [12.1.2012 19:52 30944]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\drivers\vrtaucbl.sys [21.6.2011 19:57 61096]
R3 fdrawcmd;Low-level Floppy Driver;c:\windows\system32\drivers\fdrawcmd.sys [3.11.2008 12:47 27544]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [17.6.2009 18:55 40720]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [9.10.2012 17:12 19720]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\drivers\LGSHidFilt.Sys [9.10.2012 17:12 42008]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [17.6.2009 18:55 10384]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [31.12.2009 16:12 28672]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [8.1.2013 12:55 161536]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [24.3.2013 13:07 1691480]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [12.1.2012 19:52 30944]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [9.10.2012 17:12 14856]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23.3.2009 13:07 12872]
.
'Ajoitetut tehtävät'-kansion sisältö
.
2013-03-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 14:13]
.
2009-08-16 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 2170 series5E771253C1676EBED677BF361FDFC537825E15B8242048412.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 21:52]
.
2013-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-05 10:49]
.
2013-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-05 10:49]
.
.
------- Täydentävä tarkistus -------
.
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: SmarThru4 Capture Selection - c:\program files\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Save as HTML - c:\program files\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files\SmarThru 4\WebCapture.dll
IE: Vie Microsoft E&xceliin - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Yleinen\Application Data\Mozilla\Firefox\Profiles\1w3a7a95.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - ExtSQL: 2013-03-21 19:59; bautpfp@wwa-cxgq.com; c:\documents and settings\Yleinen\Application Data\Mozilla\Firefox\Profiles\1w3a7a95.default\extensions\bautpfp@wwa-cxgq.com
FF - ExtSQL: 2013-03-21 19:59; axjxauiu@uoofaau-.org; c:\documents and settings\Yleinen\Application Data\Mozilla\Firefox\Profiles\1w3a7a95.default\extensions\axjxauiu@uoofaau-.org
.
- - - - POISTETUT JÄMÄRIVIT - - - -
.
AddRemove-spwawv820Public - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2013-03-27 21:35
Windows 5.1.2600 Service Pack 3 NTFS
.
tarkistaa piilotettuja prosesseja ...
.
tarkistaa piilotettuja käynnistysarvoja ...
.
tarkistaa piilotettuja tiedostoja ...
.
tarkistus on valmis
piilotetut tiedostot: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LUKITUT REKISTERIAVAIMET ---------------------
.
[HKEY_USERS\S-1-5-21-746137067-287218729-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6B25E040-2637-6CCF-98C9-910CE87A38CD}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oaonjgheehohihghejphhmkombmnkf"=hex:64,61,62,67,64,6d,62,65,00,85
"oacnjmlagecibooljdcdjncocpldee"=hex:69,61,6a,64,70,66,65,6d,67,6f,68,61,6c,6a,
6d,6b,63,67,00,00
"namolhhogkeekiigbfjmnpbhhfcb"=hex:6a,61,62,67,61,67,64,66,6c,6e,70,61,6e,69,
6d,6d,6f,6a,70,70,00,02
"oaonjgheehohihghejphhmkopbjmhi"=hex:64,61,62,67,67,6d,65,65,00,85
"oacnjmlagecibooljdcdjncobpgfdb"=hex:69,61,70,66,63,6c,6b,65,63,65,65,6b,62,67,
68,68,6f,70,00,ff
"namolhhogkeekiigbfjmnpahefac"=hex:6a,61,6f,64,61,67,6e,66,6d,61,63,62,6a,6c,
69,61,6b,67,62,62,00,02
"oaonjgheehohihghejphhmkoobcnmb"=hex:64,61,62,67,67,6d,64,65,00,85
"oacnjmlagecibooljdcdjncoepbfge"=hex:6a,61,6f,64,61,67,6e,66,6d,61,63,62,6a,6c,
69,61,6b,67,62,62,00,02
"namolhhogkeekiigbfjmnphgnefo"=hex:6a,61,63,67,6d,66,6a,68,6d,6a,6b,65,70,70,
66,66,67,62,61,6c,00,02
.
[HKEY_USERS\S-1-5-21-746137067-287218729-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C9334D3F-49B8-9225-DB9F-09097F22DDCA}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oakfcelenkighlpjlkipafehdmpeoj"=hex:64,61,6a,6c,6d,69,6a,66,00,60
"oaoekcokfcagfnlpimikcpodaojgcl"=hex:6a,61,6f,6c,68,6c,65,69,67,6d,6e,64,6f,62,
6d,63,66,68,64,6c,00,cb
"naidecaahgedhdmjdmfmfbmeohad"=hex:6a,61,6a,6c,61,63,68,67,65,6c,70,63,6c,6c,
6a,66,61,6e,61,70,00,cb
"eagdkdenon"=hex:6a,61,70,66,62,64,63,63,61,61,6a,6a,6d,69,61,6d,6f,66,6c,62,
00,23
"capfaj"=hex:64,62,64,66,6d,6a,6b,6d,6d,6e,61,6f,70,61,65,6d,6d,62,66,6a,68,66,
69,6d,6c,64,6a,62,64,69,65,68,6d,67,6f,6f,6c,6b,64,65,00,0e
.
[HKEY_USERS\S-1-5-21-746137067-287218729-682003330-1004\Software\SecuROM\License information*]
"datasecu"=hex:a8,f4,cc,71,f5,df,84,66,c5,36,13,aa,c0,01,ab,2d,76,44,0c,50,94,
3a,87,1e,48,4b,86,ed,ec,86,80,9e,5b,b0,92,54,a9,3e,b9,20,67,42,5a,89,92,4f,\
"rkeysecu"=hex:de,43,09,86,91,1e,dd,1b,e1,3d,8d,1f,d6,9c,fa,84
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\’cÓw*]
"b049C053C7D38EE4AB9A00CB3B5D2472"="C?\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\PUBPLACE.HTT"
.
--------------------- Prosesseihin ladatut DLLt ---------------------
.
- - - - - - - > 'winlogon.exe'(636)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
- - - - - - - > 'explorer.exe'(3064)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_fin.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Muut prosessit ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\cFosSpeed\spd.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
c:\windows\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
c:\windows\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RunDLL32.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclIrSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Valmistumisajankohta: 2013-03-27 21:50:50 - kone käynnistettiin uudelleen
ComboFix-quarantined-files.txt 2013-03-27 19:50
ComboFix2.txt 2013-03-26 10:15
.
Ennen ajoa: 58*873*454*592 tavua vapaana
Ajon jälkeen: 58*763*837*440 tavua vapaana
.
- - End Of File - - 4A5EC7BF14AD9422345D66D70B1EC104
__________________
Veke is offline  
Old 03-27-2013, 02:46 PM   #14
Security Team
Analyst
 
jeffce's Avatar

Microsoft Most Valuable Professional
 
Join Date: Feb 2011
Location: USA
Posts: 2,322
OS: Vista and Ubuntu



OTL
  • Download OTL to your desktop.
  • Right-click and Run as Administrator on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
      Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
----------
__________________



Microsoft MVP - Consumer Security 2014
Topics are closed if you do not respond within 3 days.
If I am working with you and have not responded in a couple of days please PM me.
jeffce is offline  
Old 03-28-2013, 03:15 AM   #15
Registered Member
 
Join Date: Sep 2008
Posts: 26
OS: Windows XP Service Pack 3



Firstly, here is OTL.txt.

OTL logfile created on: 28.3.2013 11:48:04 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Yleinen\Työpöytä
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000040B | Country: Suomi | Language: FIN | Date Format: d.M.yyyy

3,19 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 75,54% Memory free
5,03 Gb Paging File | 4,08 Gb Available in Paging File | 81,09% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 114,48 Gb Total Space | 44,87 Gb Free Space | 39,19% Space Free | Partition Type: NTFS
Drive I: | 931,51 Gb Total Space | 878,88 Gb Free Space | 94,35% Space Free | Partition Type: NTFS

Computer Name: NUORTIMO | User Name: Yleinen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Yleinen\Työpöytä\OTL.exe (OldTimer Tools)
PRC - I:\steami\Steam.exe (Valve Corporation)
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe ()
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files\Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Program Files\AVG\AVG2013\avgfws.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe (Nokia)
PRC - C:\Program Files\cFosSpeed\spd.exe (cFos Software GmbH)
PRC - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\WINDOWS\twain_32\Samsung\CLX3170\Scan2Pc.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE (CANON INC.)


========== Modules (No Company Name) ==========

MOD - I:\steami\SDL2.dll ()
MOD - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\NVIDIA Corporation\nview\nvShell.dll ()
MOD - I:\steami\bin\avcodec-53.dll ()
MOD - I:\steami\bin\avformat-53.dll ()
MOD - I:\steami\bin\avutil-51.dll ()
MOD - C:\Pelit\micmusic\converterr11\dBShell.dll ()
MOD - C:\WINDOWS\twain_32\Samsung\CLX3170\Scan2Pc.exe ()
MOD - C:\WINDOWS\system32\SamFaxPort.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\WINDOWS\twain_32\Samsung\CLX3170\SSOle.dll ()
MOD - C:\WINDOWS\twain_32\Samsung\CLX3170\NetModule.dll ()
MOD - C:\WINDOWS\twain_32\Samsung\CLX3170\IMFilter.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\sst1cl3.dll ()


========== Services (SafeList) ==========

SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (vToolbarUpdater14.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Hamachi2Svc) -- C:\Program Files\Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (avgfws) -- C:\Program Files\AVG\AVG2013\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (npggsvc) -- C:\WINDOWS\system32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (cFosSpeedS) -- C:\Program Files\cFosSpeed\spd.exe (cFos Software GmbH)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (SSPORT) -- C:\WINDOWS\system32\Drivers\SSPORT.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (Partizan) -- system32\drivers\Partizan.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (EagleNT) -- C:\WINDOWS\system32\drivers\EagleNT.sys File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (al062fuh) -- File not found
DRV - (avgtp) -- C:\WINDOWS\system32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSHX) -- C:\WINDOWS\system32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- C:\WINDOWS\system32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (cFosSpeed) -- C:\WINDOWS\system32\drivers\cfosspeed.sys (cFos Software GmbH)
DRV - (LGSHidFilt) -- C:\WINDOWS\system32\drivers\LGSHidFilt.Sys (Logitech Inc.)
DRV - (Avgfwfd) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwdx) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (EuMusDesignVirtualAudioCableWdm) -- C:\WINDOWS\system32\drivers\vrtaucbl.sys (Eugene V. Muzychenko)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys ()
DRV - (LGVirHid) -- C:\WINDOWS\system32\drivers\LGVirHid.sys (Logitech Inc.)
DRV - (LGBusEnum) -- C:\WINDOWS\system32\drivers\LGBusEnum.sys (Logitech Inc.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LHidEqd) -- C:\WINDOWS\system32\drivers\LHidEqd.sys (Logitech, Inc.)
DRV - (LEqdUsb) -- C:\WINDOWS\system32\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV - (LBeepKE) -- C:\WINDOWS\system32\drivers\LBeepKE.sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (DgiVecp) -- C:\WINDOWS\system32\drivers\DgivEcp.sys (Samsung Electronics Co., Ltd.)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (fdrawcmd) -- C:\WINDOWS\system32\drivers\fdrawcmd.sys (simonowen.com)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (AmdLLD) -- C:\WINDOWS\system32\drivers\AmdLLD.sys (AMD, Inc.)
DRV - (libusb0) -- C:\WINDOWS\system32\drivers\libusb0.sys (libusb-Win32)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (sfvfs02) -- C:\WINDOWS\system32\drivers\sfvfs02.sys (Protection Technology)
DRV - (sfsync02) -- C:\WINDOWS\system32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfdrv01) -- C:\WINDOWS\system32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) -- C:\WINDOWS\system32\drivers\sfhlp02.sys (Protection Technology)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (FsVga) -- C:\WINDOWS\system32\drivers\fsvga.sys (Microsoft Corporation)
DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation)
DRV - (RapidPort) -- C:\WINDOWS\system32\drivers\CAPLPTN.SYS (CANON INC.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKLM\..\SearchScopes,DefaultScope =


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-746137067-287218729-682003330-1004\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-746137067-287218729-682003330-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-746137067-287218729-682003330-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-746137067-287218729-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-746137067-287218729-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-746137067-287218729-682003330-1009\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-746137067-287218729-682003330-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\Documents and Settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.05.21 21:21:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.20 15:22:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.25 13:03:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.08 12:42:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.05.21 21:21:33 | 000,000,000 | ---D | M]

[2009.04.13 21:38:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Yleinen\Application Data\Mozilla\Extensions
[2013.03.23 11:42:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Yleinen\Application Data\Mozilla\Firefox\Profiles\1w3a7a95.default\extensions
[2013.03.21 19:27:02 | 000,000,000 | ---D | M] (Search-NewTaab) -- C:\Documents and Settings\Yleinen\Application Data\Mozilla\Firefox\Profiles\1w3a7a95.default\extensions\axjxauiu@uoofaau-.org
[2013.03.21 19:27:02 | 000,000,000 | ---D | M] (BRowse2save) -- C:\Documents and Settings\Yleinen\Application Data\Mozilla\Firefox\Profiles\1w3a7a95.default\extensions\bautpfp@wwa-cxgq.com
[2009.04.14 09:40:10 | 000,001,196 | ---- | M] () -- C:\Documents and Settings\Yleinen\Application Data\Mozilla\Firefox\Profiles\1w3a7a95.default\searchplugins\winamp-search.xml
[2013.03.08 12:42:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013.03.08 12:42:43 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.08.31 12:21:06 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.12.05 22:14:12 | 000,002,275 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bookplus-fi.xml
[2012.12.05 22:14:12 | 000,001,185 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-fi.xml
[2012.12.05 22:14:12 | 000,001,396 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fi.xml
[2012.12.05 22:14:12 | 000,001,313 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-fi.xml

========== Chrome ==========

CHR - homepage: Google
CHR - Extension: Search-NewTaab = C:\Documents and Settings\Yleinen\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jelofphlcglejflepcknemondjihhknn\1\
CHR - Extension: BRowse2save = C:\Documents and Settings\Yleinen\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\okhgalkijhnaddigknlacdbndhidfhkn\1\

O1 HOSTS File: ([2013.03.27 21:33:13 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-746137067-287218729-682003330-1004\..\Toolbar\ShellBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [3170 Scan2PC] C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe ()
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CAPON] C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPONN.EXE (CANON INC.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKU\S-1-5-21-746137067-287218729-682003330-1004..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-746137067-287218729-682003330-1004..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-746137067-287218729-682003330-1004..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-21-746137067-287218729-682003330-1004..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-746137067-287218729-682003330-1009..\Run: [] File not found
O4 - HKU\S-1-5-21-746137067-287218729-682003330-1009..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-746137067-287218729-682003330-1009..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-746137067-287218729-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-746137067-287218729-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-746137067-287218729-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-746137067-287218729-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-746137067-287218729-682003330-1009\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-746137067-287218729-682003330-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html File not found
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files\SmarThru 4\WebCapture.dll2.htm File not found
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files\SmarThru 4\WebCapture.dll1.htm File not found
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files\SmarThru 4\WebCapture.dll.htm File not found
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files\SmarThru 4\WebCapture.dll File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in Luotettavat sivustot)
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in Luotettavat sivustot)
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in Luotettavat sivustot)
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in Luotettavat sivustot)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/DE-DE/.../GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsu...?1239653083687 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Value error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary...t.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/s...sh/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C335B51A-9338-4D1F-B699-8927161802C6}: DhcpNameServer = 62.240.64.135 62.216.99.250
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (Nykyinen kotisivu) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Yleinen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Yleinen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.04.13 19:10:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.03.28 11:26:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Yleinen\Työpöytä\OTL.exe
[2013.03.26 11:33:27 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013.03.26 11:28:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013.03.26 11:28:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013.03.26 11:28:48 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013.03.26 11:28:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013.03.26 11:28:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.26 11:26:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013.03.26 11:24:21 | 005,044,307 | R--- | C] (Swearware) -- C:\Documents and Settings\Yleinen\Työpöytä\ComboFix.exe
[2013.03.24 23:04:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2013.03.24 15:30:28 | 002,815,520 | ---- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
[2013.03.24 13:08:19 | 000,358,944 | ---- | C] (Realtek Semiconductor Crop.) -- C:\WINDOWS\vncutil.exe
[2013.03.24 13:07:46 | 000,129,568 | ---- | C] (Realtek Semiconductor) -- C:\WINDOWS\RtkAudioService.exe
[2013.03.24 13:07:27 | 001,691,480 | ---- | C] (Creative) -- C:\WINDOWS\System32\drivers\Ambfilt.sys
[2013.03.24 12:28:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Yleinen\Recent
[2013.03.23 23:44:49 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.03.23 23:38:06 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2013.03.23 15:42:48 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys
[2013.03.23 15:42:43 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
[2013.03.23 15:37:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegRun
[2013.03.23 15:36:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Yleinen\Omat tiedostot\RegRun2
[2013.03.23 15:35:41 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2013.03.21 19:26:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Search-NewTaab
[2013.03.21 19:25:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Solibo Ltd
[2013.03.21 19:25:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\AMD64
[2013.03.19 20:26:40 | 000,000,000 | ---D | C] -- C:\Fraps
[2013.03.19 18:56:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Kynnist-valikko
[2013.03.19 18:55:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2013.03.19 18:55:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Steam
[2013.03.18 16:48:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Yleinen\Työpöytä\minecraftdog
[2013.03.15 18:00:48 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2013.03.15 17:58:56 | 000,065,536 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2013.03.15 13:05:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\AVG
[2013.03.14 15:13:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Nokia PC Suite
[2013.03.14 15:13:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PCSuite
[2013.03.14 15:11:37 | 000,019,072 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2013.03.14 15:11:25 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2013.03.14 15:10:18 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys
[2013.03.14 15:10:17 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys
[2013.03.14 15:10:16 | 000,023,168 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys
[2013.03.14 15:10:15 | 000,018,176 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys
[2013.03.14 15:10:14 | 000,605,696 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcocls.dll
[2013.03.14 15:10:10 | 000,123,904 | ---- | C] (Nokia) -- C:\WINDOWS\System32\ccdcmbwu.dll
[2013.03.14 15:05:17 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Yleinen\Phone Browser
[2013.03.11 16:11:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Yleinen\Työpöytä\psykologia_artikkelit
[2013.03.08 12:41:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.03.07 16:05:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\MyDefrag v4.3.1
[2013.03.07 16:05:24 | 000,000,000 | ---D | C] -- C:\Program Files\MyDefrag v4.3.1
[2013.02.28 15:25:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Yleinen\Application Data\AVG
[2013.02.28 15:25:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG
[2013.02.28 15:23:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
[2009.04.14 10:48:03 | 000,272,176 | ---- | C] (BitTorrent, Inc.) -- C:\Program Files\utorrent.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.03.28 11:45:25 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.28 11:43:04 | 000,006,118 | ---- | M] () -- C:\WINDOWS\System32\nvAppTimestamps
[2013.03.28 11:27:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.03.28 11:26:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Yleinen\Työpöytä\OTL.exe
[2013.03.28 11:07:15 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.28 11:04:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.03.27 21:33:13 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013.03.27 20:43:35 | 005,044,307 | R--- | M] (Swearware) -- C:\Documents and Settings\Yleinen\Työpöytä\ComboFix.exe
[2013.03.27 11:06:50 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.03.26 11:33:41 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2013.03.25 13:00:45 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Yleinen\Työpöytä\MBR.dat
[2013.03.24 22:51:16 | 001,079,188 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013.03.24 22:51:16 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013.03.24 22:50:49 | 001,079,188 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013.03.24 22:50:49 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2013.03.24 15:53:42 | 000,105,984 | ---- | M] () -- C:\Documents and Settings\Yleinen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.03.23 23:46:05 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Työpöytä\CCleaner.lnk
[2013.03.23 23:38:16 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\Yleinen\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013.03.23 23:38:16 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Työpöytä\µTorrent.lnk
[2013.03.23 16:17:01 | 000,471,520 | ---- | M] () -- C:\WINDOWS\System32\perfh00B.dat
[2013.03.23 16:17:00 | 000,496,094 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.03.23 16:17:00 | 000,101,582 | ---- | M] () -- C:\WINDOWS\System32\perfc00B.dat
[2013.03.23 16:17:00 | 000,084,578 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.03.23 15:36:53 | 000,002,518 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013.03.23 15:36:53 | 000,001,636 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2013.03.23 15:36:53 | 000,000,002 | RHS- | M] () -- C:\WINDOWS\winstart.bat
[2013.03.23 12:14:00 | 000,000,223 | ---- | M] () -- C:\Boot.bak
[2013.03.22 12:20:49 | 000,000,436 | ---- | M] () -- C:\Documents and Settings\Yleinen\Application Data\Microsoft\Internet Explorer\Quick Launch\Pikakuvake fraps.exe.lnk
[2013.03.21 19:25:51 | 000,001,757 | ---- | M] () -- C:\Documents and Settings\All Users\Työpöytä\NCdownloader.lnk
[2013.03.19 22:57:34 | 1030,666,244 | ---- | M] () -- C:\Documents and Settings\Yleinen\Työpöytä\FTL_Nesasio.mpg
[2013.03.19 22:57:32 | 000,000,144 | ---- | M] () -- C:\Documents and Settings\Yleinen\Työpöytä\FTL_Nesasio.mpg.sfl
[2013.03.19 19:40:46 | 000,000,469 | ---- | M] () -- C:\Documents and Settings\Yleinen\Application Data\Microsoft\Internet Explorer\Quick Launch\Steam.lnk
[2013.03.19 18:56:02 | 000,000,469 | ---- | M] () -- C:\Documents and Settings\All Users\Työpöytä\Steam.lnk
[2013.03.19 12:13:00 | 000,000,467 | ---- | M] () -- C:\Documents and Settings\Yleinen\Application Data\Microsoft\Internet Explorer\Quick Launch\Pikakuvake psykologia_artikkelit.lnk
[2013.03.18 22:32:15 | 000,536,243 | ---- | M] () -- C:\Documents and Settings\Yleinen\Työpöytä\water_accident.png
[2013.03.18 20:50:36 | 000,237,904 | ---- | M] () -- C:\Documents and Settings\Yleinen\Työpöytä\2013-03-18_20.50.36.png
[2013.03.18 20:05:42 | 000,033,112 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2013.03.18 17:01:15 | 000,000,689 | ---- | M] () -- C:\Documents and Settings\Yleinen\Application Data\Microsoft\Internet Explorer\Quick Launch\Pikakuvake (2) Minecraft_Server.exe.lnk
[2013.03.18 17:01:07 | 000,000,647 | ---- | M] () -- C:\Documents and Settings\Yleinen\Application Data\Microsoft\Internet Explorer\Quick Launch\Pikakuvake Infected Mushroom CD1 - The Trance Side.lnk
[2013.03.16 18:02:05 | 000,610,304 | ---- | M] () -- C:\Documents and Settings\Yleinen\Työpöytä\Nina concepts.jpg
[2013.03.16 18:01:37 | 000,346,023 | ---- | M] () -- C:\Documents and Settings\Yleinen\Työpöytä\WIP_Asha.jpg
[2013.03.15 17:56:17 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013.03.15 17:45:50 | 000,313,901 | ---- | M] () -- C:\Documents and Settings\Yleinen\Työpöytä\gpu.png
[2013.03.15 17:37:36 | 000,221,278 | ---- | M] () -- C:\Documents and Settings\Yleinen\Työpöytä\ouch.png
[2013.03.14 15:18:38 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2013.03.14 15:18:36 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2013.03.14 15:13:36 | 000,001,763 | ---- | M] () -- C:\Documents and Settings\All Users\Työpöytä\Nokia PC Suite.lnk
[2013.03.14 15:03:58 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2013.03.13 20:33:05 | 000,034,450 | ---- | M] () -- C:\Documents and Settings\Yleinen\Työpöytä\raven1.jpg
[2013.03.13 19:27:18 | 000,263,186 | ---- | M] () -- C:\Documents and Settings\Yleinen\Application Data\Microsoft\Internet Explorer\Quick Launch\Minecraft.exe
[2013.03.11 19:24:29 | 000,184,374 | ---- | M] () -- C:\Documents and Settings\Yleinen\Työpöytä\Phantasy Star000.bmp
[2013.03.10 19:53:59 | 000,105,626 | ---- | M] () -- C:\Documents and Settings\Yleinen\Työpöytä\black-screen-dramatic.jpg
[2013.03.10 19:52:40 | 000,071,226 | ---- | M] () -- C:\Documents and Settings\Yleinen\Työpöytä\black-1.2.jpg
[2013.03.10 19:49:12 | 001,195,774 | ---- | M] () -- C:\Documents and Settings\Yleinen\Työpöytä\RavenWWPh.jpg
[2013.03.10 19:48:05 | 001,015,551 | ---- | M] () -- C:\Documents and Settings\Yleinen\Työpöytä\RavenWWP.jpg
[2013.03.10 19:21:43 | 001,041,268 | ---- | M] () -- C:\Documents and Settings\Yleinen\Työpöytä\screen.jpg
[2013.03.10 19:20:33 | 001,138,818 | ---- | M] () -- C:\Documents and Settings\Yleinen\Työpöytä\FSRed-hires.jpg
[2013.03.10 19:02:34 | 000,153,701 | ---- | M] () -- C:\Documents and Settings\Yleinen\Työpöytä\necropolis.jpg
[2013.03.10 13:41:53 | 000,002,457 | ---- | M] () -- C:\Documents and Settings\Yleinen\Application Data\Microsoft\Internet Explorer\Quick Launch\MP3 Skype Recorder.lnk
[2013.03.07 23:22:14 | 000,813,608 | ---- | M] () -- C:\Documents and Settings\Yleinen\Työpöytä\2013-03-07 23.19.48_1-hires.jpg
[2013.03.07 23:21:48 | 000,864,884 | ---- | M] () -- C:\Documents and Settings\Yleinen\Työpöytä\2013-03-07 23.15.11_1-hires.jpg
[2013.03.07 23:21:27 | 000,668,515 | ---- | M] () -- C:\Documents and Settings\Yleinen\Työpöytä\2013-03-07 23.12.51_1-hires.jpg
[2013.03.07 23:17:44 | 000,058,924 | ---- | M] () -- C:\Documents and Settings\Yleinen\Työpöytä\11890793.jpg
[2013.03.07 17:02:33 | 000,001,522 | ---- | M] () -- C:\Documents and Settings\Yleinen\Työpöytä\SCHTHACK PSOBB.lnk
[2013.03.07 16:05:28 | 000,000,733 | ---- | M] () -- C:\Documents and Settings\All Users\Työpöytä\MyDefrag.lnk
[2013.03.07 13:43:30 | 001,244,895 | ---- | M] () -- C:\Documents and Settings\Yleinen\Työpöytä\IMG_20130307_133943.jpg
[2013.03.05 19:08:29 | 000,887,890 | ---- | M] () -- C:\Documents and Settings\Yleinen\Työpöytä\le art!.png
[2013.03.04 14:20:06 | 000,377,856 | ---- | M] () -- C:\Documents and Settings\Yleinen\Työpöytä\gmer.exe
[2013.03.03 12:00:22 | 000,001,734 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2013.03.02 23:01:07 | 001,440,869 | ---- | M] () -- C:\Documents and Settings\Yleinen\Työpöytä\2013-03-02 22.54.36_1-hires.jpg
[2013.03.02 16:25:21 | 003,244,152 | ---- | M] () -- C:\Documents and Settings\Yleinen\Työpöytä\Haughty Holiday Overture ~ Lively Underwater Civilization.mp3
[2013.03.01 22:31:11 | 001,000,694 | ---- | M] () -- C:\Documents and Settings\Yleinen\Työpöytä\2013-03-01 22.28.35_1-hires.jpg
[2013.03.01 22:24:09 | 001,085,064 | ---- | M] () -- C:\Documents and Settings\Yleinen\Työpöytä\2013-03-01 22.20.27_1-hires.jpg
[2013.02.28 20:07:26 | 000,069,379 | ---- | M] () -- C:\Documents and Settings\Yleinen\Työpöytä\shouko2.png
[2013.02.26 23:47:26 | 000,038,196 | ---- | M] () -- C:\Documents and Settings\Yleinen\Työpöytä\512EJMNN4VL.jpg
[2013.02.26 23:47:02 | 000,332,892 | ---- | M] () -- C:\Documents and Settings\Yleinen\Työpöytä\slow-down1.jpg
[2013.02.26 23:46:53 | 000,362,902 | ---- | M] () -- C:\Documents and Settings\Yleinen\Työpöytä\Rengar_Splash_0.jpg
[2013.02.26 19:34:01 | 000,230,454 | ---- | M] () -- C:\Documents and Settings\Yleinen\Työpöytä\Light Crusader000.bmp
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.03.26 11:33:41 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2013.03.26 11:33:35 | 000,260,352 | RHS- | C] () -- C:\cmldr
[2013.03.26 11:28:48 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013.03.26 11:28:48 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013.03.26 11:28:48 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013.03.26 11:28:48 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013.03.26 11:28:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013.03.25 13:00:45 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Yleinen\Työpöytä\MBR.dat
[2013.03.24 22:50:49 | 001,079,188 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013.03.24 22:50:49 | 001,079,188 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013.03.24 22:50:49 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013.03.24 22:50:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2013.03.24 22:41:04 | 000,016,514 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2013.03.24 22:40:55 | 002,287,232 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2013.03.23 23:46:03 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Työpöytä\CCleaner.lnk
[2013.03.23 23:38:16 | 000,000,648 | ---- | C] () -- C:\Documents and Settings\Yleinen\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013.03.23 23:38:16 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Työpöytä\µTorrent.lnk
[2013.03.23 15:36:53 | 000,000,002 | RHS- | C] () -- C:\WINDOWS\winstart.bat
[2013.03.22 13:13:46 | 000,377,856 | ---- | C] () -- C:\Documents and Settings\Yleinen\Työpöytä\gmer.exe
[2013.03.21 19:25:51 | 000,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Työpöytä\NCdownloader.lnk
[2013.03.19 22:57:31 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\Yleinen\Työpöytä\FTL_Nesasio.mpg.sfl
[2013.03.19 21:54:33 | 1030,666,244 | ---- | C] () -- C:\Documents and Settings\Yleinen\Työpöytä\FTL_Nesasio.mpg
[2013.03.19 19:40:46 | 000,000,469 | ---- | C] () -- C:\Documents and Settings\Yleinen\Application Data\Microsoft\Internet Explorer\Quick Launch\Steam.lnk
[2013.03.19 18:56:02 | 000,000,469 | ---- | C] () -- C:\Documents and Settings\All Users\Työpöytä\Steam.lnk
[2013.03.19 12:13:00 | 000,000,467 | ---- | C] () -- C:\Documents and Settings\Yleinen\Application Data\Microsoft\Internet Explorer\Quick Launch\Pikakuvake psykologia_artikkelit.lnk
[2013.03.18 22:32:13 | 000,536,243 | ---- | C] () -- C:\Documents and Settings\Yleinen\Työpöytä\water_accident.png
[2013.03.18 20:50:36 | 000,237,904 | ---- | C] () -- C:\Documents and Settings\Yleinen\Työpöytä\2013-03-18_20.50.36.png
[2013.03.18 17:01:15 | 000,000,689 | ---- | C] () -- C:\Documents and Settings\Yleinen\Application Data\Microsoft\Internet Explorer\Quick Launch\Pikakuvake (2) Minecraft_Server.exe.lnk
[2013.03.16 18:01:58 | 000,610,304 | ---- | C] () -- C:\Documents and Settings\Yleinen\Työpöytä\Nina concepts.jpg
[2013.03.16 18:01:33 | 000,346,023 | ---- | C] () -- C:\Documents and Settings\Yleinen\Työpöytä\WIP_Asha.jpg
[2013.03.15 18:27:55 | 002,229,713 | ---- | C] () -- C:\Documents and Settings\Yleinen\Työpöytä\IMG_0707.JPG
[2013.03.15 18:27:50 | 000,006,118 | ---- | C] () -- C:\WINDOWS\System32\nvAppTimestamps
[2013.03.15 17:45:50 | 000,313,901 | ---- | C] () -- C:\Documents and Settings\Yleinen\Työpöytä\gpu.png
[2013.03.15 17:37:36 | 000,221,278 | ---- | C] () -- C:\Documents and Settings\Yleinen\Työpöytä\ouch.png
[2013.03.14 15:18:38 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2013.03.14 15:18:36 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2013.03.14 15:13:36 | 000,001,763 | ---- | C] () -- C:\Documents and Settings\All Users\Työpöytä\Nokia PC Suite.lnk
[2013.03.14 15:03:58 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2013.03.13 19:27:14 | 000,263,186 | ---- | C] () -- C:\Documents and Settings\Yleinen\Application Data\Microsoft\Internet Explorer\Quick Launch\Minecraft.exe
[2013.03.11 19:24:28 | 000,184,374 | ---- | C] () -- C:\Documents and Settings\Yleinen\Työpöytä\Phantasy Star000.bmp
[2013.03.10 19:53:27 | 000,105,626 | ---- | C] () -- C:\Documents and Settings\Yleinen\Työpöytä\black-screen-dramatic.jpg
[2013.03.10 19:52:40 | 000,071,226 | ---- | C] () -- C:\Documents and Settings\Yleinen\Työpöytä\black-1.2.jpg
[2013.03.10 19:49:12 | 001,195,774 | ---- | C] () -- C:\Documents and Settings\Yleinen\Työpöytä\RavenWWPh.jpg
[2013.03.10 19:43:44 | 001,015,551 | ---- | C] () -- C:\Documents and Settings\Yleinen\Työpöytä\RavenWWP.jpg
[2013.03.10 19:21:43 | 001,041,268 | ---- | C] () -- C:\Documents and Settings\Yleinen\Työpöytä\screen.jpg
[2013.03.10 19:19:29 | 001,138,818 | ---- | C] () -- C:\Documents and Settings\Yleinen\Työpöytä\FSRed-hires.jpg
[2013.03.10 19:02:33 | 000,153,701 | ---- | C] () -- C:\Documents and Settings\Yleinen\Työpöytä\necropolis.jpg
[2013.03.07 23:22:11 | 000,813,608 | ---- | C] () -- C:\Documents and Settings\Yleinen\Työpöytä\2013-03-07 23.19.48_1-hires.jpg
[2013.03.07 23:21:35 | 000,864,884 | ---- | C] () -- C:\Documents and Settings\Yleinen\Työpöytä\2013-03-07 23.15.11_1-hires.jpg
[2013.03.07 23:21:23 | 000,668,515 | ---- | C] () -- C:\Documents and Settings\Yleinen\Työpöytä\2013-03-07 23.12.51_1-hires.jpg
[2013.03.07 23:17:43 | 000,058,924 | ---- | C] () -- C:\Documents and Settings\Yleinen\Työpöytä\11890793.jpg
[2013.03.07 17:02:31 | 000,001,522 | ---- | C] () -- C:\Documents and Settings\Yleinen\Työpöytä\SCHTHACK PSOBB.lnk
[2013.03.07 16:05:28 | 000,000,733 | ---- | C] () -- C:\Documents and Settings\All Users\Työpöytä\MyDefrag.lnk
[2013.03.07 13:42:55 | 001,244,895 | ---- | C] () -- C:\Documents and Settings\Yleinen\Työpöytä\IMG_20130307_133943.jpg
[2013.03.06 21:31:30 | 000,034,450 | ---- | C] () -- C:\Documents and Settings\Yleinen\Työpöytä\raven1.jpg
[2013.03.06 13:58:21 | 000,000,647 | ---- | C] () -- C:\Documents and Settings\Yleinen\Application Data\Microsoft\Internet Explorer\Quick Launch\Pikakuvake Infected Mushroom CD1 - The Trance Side.lnk
[2013.03.05 19:08:24 | 000,887,890 | ---- | C] () -- C:\Documents and Settings\Yleinen\Työpöytä\le art!.png
[2013.03.02 23:01:02 | 001,440,869 | ---- | C] () -- C:\Documents and Settings\Yleinen\Työpöytä\2013-03-02 22.54.36_1-hires.jpg
[2013.03.02 16:24:28 | 003,244,152 | ---- | C] () -- C:\Documents and Settings\Yleinen\Työpöytä\Haughty Holiday Overture ~ Lively Underwater Civilization.mp3
[2013.03.01 22:31:05 | 001,000,694 | ---- | C] () -- C:\Documents and Settings\Yleinen\Työpöytä\2013-03-01 22.28.35_1-hires.jpg
[2013.03.01 22:24:04 | 001,085,064 | ---- | C] () -- C:\Documents and Settings\Yleinen\Työpöytä\2013-03-01 22.20.27_1-hires.jpg
[2013.02.28 20:07:25 | 000,069,379 | ---- | C] () -- C:\Documents and Settings\Yleinen\Työpöytä\shouko2.png
[2013.02.26 23:47:25 | 000,038,196 | ---- | C] () -- C:\Documents and Settings\Yleinen\Työpöytä\512EJMNN4VL.jpg
[2013.02.26 23:47:01 | 000,332,892 | ---- | C] () -- C:\Documents and Settings\Yleinen\Työpöytä\slow-down1.jpg
[2013.02.26 23:46:52 | 000,362,902 | ---- | C] () -- C:\Documents and Settings\Yleinen\Työpöytä\Rengar_Splash_0.jpg
[2013.02.26 19:33:57 | 000,230,454 | ---- | C] () -- C:\Documents and Settings\Yleinen\Työpöytä\Light Crusader000.bmp
[2012.10.16 21:34:59 | 000,068,379 | ---- | C] () -- C:\WINDOWS\War3Unin.dat
[2012.10.14 15:57:48 | 000,499,057 | ---- | C] () -- C:\Documents and Settings\Yleinen\TyöpöytäT_NinjaGaiden_Balisk_Special.mp3
[2012.09.25 22:47:23 | 000,454,022 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-746137067-287218729-682003330-1004-0.dat
[2012.09.25 22:47:22 | 000,385,750 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012.08.08 13:24:24 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2012.08.08 13:24:24 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2012.01.12 22:43:54 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Yleinen\Audio_Engine_XT_conf
[2011.09.28 16:44:14 | 000,179,271 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2011.09.11 18:22:10 | 000,715,038 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2011.09.11 18:22:10 | 000,001,323 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2011.07.20 18:43:54 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\SI.bin
[2011.04.22 20:44:36 | 000,001,021 | ---- | C] () -- C:\WINDOWS\w9xabc.INI
[2011.04.22 20:06:51 | 000,001,170 | ---- | C] () -- C:\WINDOWS\savename.INI
[2011.04.22 20:06:51 | 000,000,142 | ---- | C] () -- C:\WINDOWS\savegame.INI
[2010.09.10 14:15:42 | 000,000,836 | ---- | C] () -- C:\Documents and Settings\Yleinen\.recently-used.xbel
[2010.07.07 16:27:51 | 000,011,408 | ---- | C] () -- C:\Documents and Settings\Yleinen\Application Data\SmarThruOptions.xml
[2010.03.28 21:31:22 | 000,257,136 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010.02.14 21:43:20 | 000,000,007 | ---- | C] () -- C:\Documents and Settings\Yleinen\Swap_Tilesets_in_VX_Editor
[2010.01.15 17:05:50 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Yleinen\Application Data\winscp.rnd
[2009.11.28 18:50:25 | 000,000,040 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ra3.ini
[2009.07.05 19:44:03 | 000,053,215 | ---- | C] () -- C:\Program Files\wesnoth-low.rar
[2009.06.18 13:17:19 | 000,052,415 | ---- | C] () -- C:\Program Files\fi.mo
[2009.06.18 12:18:36 | 000,128,071 | ---- | C] () -- C:\Program Files\wesnoth-low.po
[2009.04.14 14:12:17 | 000,001,734 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2009.04.14 12:26:29 | 000,105,984 | ---- | C] () -- C:\Documents and Settings\Yleinen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009.04.19 11:58:57 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009.10.29 07:25:51 | 001,509,376 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:54:17 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 18:11:56 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011.08.04 21:18:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2013.02.28 15:26:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG
[2013.01.19 12:20:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2010.02.27 17:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare
[2012.10.14 13:04:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Calibrated
[2012.10.14 13:04:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Caphyon
[2012.06.11 15:01:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\cFos
[2011.12.02 11:13:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009.04.14 19:10:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2012.05.28 13:56:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\id Software
[2012.06.20 19:37:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2013.03.14 15:08:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2011.07.22 17:15:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ironclad Games
[2010.07.23 19:20:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LAG
[2009.06.13 11:09:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2013.03.28 11:16:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010.05.21 19:47:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OviInstallerCache
[2009.05.05 13:16:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2013.03.25 13:50:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011.07.21 21:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2013.03.23 17:30:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegRun
[2012.06.06 16:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RELOADED
[2009.05.06 11:31:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2009.10.03 14:30:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2010.11.26 12:31:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YoYoGames
[2011.03.27 19:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009.12.31 14:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2013.02.28 15:23:25 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
[2013.01.21 16:59:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\TuneUp Software
[2013.01.21 16:59:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\TuneUp Software
[2009.06.17 08:32:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVGTOOLBAR
[2013.01.21 16:59:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser.NUORTIMO\Application Data\TuneUp Software
[2013.03.27 22:01:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yleinen\Application Data\.minecraft
[2013.02.28 15:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yleinen\Application Data\AVG
[2013.01.19 12:20:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yleinen\Application Data\AVG2013
[2013.01.19 11:47:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yleinen\Application Data\AVGTOOLBAR
[2011.11.04 15:56:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yleinen\Application Data\Basilisk Games
[2012.10.14 13:01:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yleinen\Application Data\Calibrated Software, Inc
[2010.09.25 23:45:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yleinen\Application Data\Character Creator
[2013.02.07 21:38:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yleinen\Application Data\Command & Conquer 3 Kane's Wrath
[2013.02.05 21:57:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yleinen\Application Data\Command & Conquer 3 Tiberium Wars
[2012.01.10 00:01:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yleinen\Application Data\Enterbrain
[2013.03.02 16:42:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yleinen\Application Data\FALCOM
[2009.04.25 16:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yleinen\Application Data\fretsonfire
[2012.02.03 22:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yleinen\Application Data\GetRightToGo
[2010.12.21 16:44:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yleinen\Application Data\IceChat
[2012.02.20 17:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yleinen\Application Data\id Software
[2011.04.23 11:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yleinen\Application Data\ImTOO
[2009.04.20 15:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yleinen\Application Data\JTS
[2009.12.25 18:20:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yleinen\Application Data\Leadertech
[2012.03.29 11:50:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yleinen\Application Data\LolClient
[2012.05.24 13:09:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yleinen\Application Data\LolClient2
[2010.07.12 14:21:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yleinen\Application Data\LucasArts
[2009.04.20 16:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yleinen\Application Data\MAGIX
[2011.06.21 20:54:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yleinen\Application Data\MP3SkypeRecorder
[2013.03.27 00:13:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yleinen\Application Data\Mumble
[2010.05.22 08:36:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yleinen\Application Data\Nokia
[2011.04.03 13:57:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yleinen\Application Data\Opera
[2012.05.23 22:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yleinen\Application Data\Oracle
[2013.03.14 15:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yleinen\Application Data\PC Suite
[2009.05.06 11:37:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yleinen\Application Data\Publish Providers
[2009.11.28 18:36:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yleinen\Application Data\Red Alert 3
[2010.12.25 00:46:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yleinen\Application Data\runic games
[2012.10.13 16:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yleinen\Application Data\SEGA
[2010.07.07 16:27:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yleinen\Application Data\SmarThru4
[2009.04.25 19:40:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yleinen\Application Data\Softplicity
[2011.11.15 21:01:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yleinen\Application Data\Sony
[2012.11.28 16:33:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yleinen\Application Data\Sony Online Entertainment
[2010.07.23 20:12:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yleinen\Application Data\Subversion
[2013.01.19 12:18:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yleinen\Application Data\TuneUp Software
[2009.10.03 14:30:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yleinen\Application Data\Ubisoft
[2011.07.23 22:34:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yleinen\Application Data\UFOAI
[2012.10.23 18:20:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yleinen\Application Data\uqm
[2011.06.01 23:19:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yleinen\Application Data\uqmmod
[2013.03.28 11:44:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yleinen\Application Data\uTorrent
[2010.11.13 23:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yleinen\Application Data\W
[2009.06.28 18:08:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yleinen\Application Data\X-Chat 2

========== Purity Check ==========



========== Files - Unicode (All) ==========
(C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\PHANTASY STAR ONLINE 2 ??????????????) -- C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\PHANTASY STAR ONLINE 2 キャラクタークリエイト体験版

< End of report >

Then the Extras.txt.

OTL Extras logfile created on: 28.3.2013 11:48:04 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Yleinen\Työpöytä
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000040B | Country: Suomi | Language: FIN | Date Format: d.M.yyyy

3,19 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 75,54% Memory free
5,03 Gb Paging File | 4,08 Gb Available in Paging File | 81,09% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 114,48 Gb Total Space | 44,87 Gb Free Space | 39,19% Space Free | Partition Type: NTFS
Drive I: | 931,51 Gb Total Space | 878,88 Gb Free Space | 94,35% Space Free | Partition Type: NTFS

Computer Name: NUORTIMO | User Name: Yleinen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-746137067-287218729-682003330-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1"
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1"
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1"
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"57032:TCP" = 57032:TCP:*:Enabled:Pando Media Booster
"57032:UDP" = 57032:UDP:*:Enabled:Pando Media Booster
"56921:TCP" = 56921:TCP:*:Enabled:Pando Media Booster
"56921:UDP" = 56921:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\utorrent.exe" = C:\Program Files\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\WINDOWS\twain_32\Samsung\ScanMgr.exe" = C:\WINDOWS\twain_32\Samsung\ScanMgr.exe:*:Enabled:Scan Manger -- (Samsung Electronics)
"C:\WINDOWS\twain_32\Samsung\CLX3170\Scan2Pc.exe" = C:\WINDOWS\twain_32\Samsung\CLX3170\Scan2Pc.exe:*:Enabled:ScanToPC -- ()
"C:\WINDOWS\twain_32\Samsung\CLX3170\Sscan2io.exe" = C:\WINDOWS\twain_32\Samsung\CLX3170\Sscan2io.exe:*:Enabled:SScanToIO -- ()
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour-palvelu -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\AVG\AVG2013\avgmfapx.exe" = C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\AVG\AVG2013\avgnsx.exe" = C:\Program Files\AVG\AVG2013\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgdiagex.exe" = C:\Program Files\AVG\AVG2013\avgdiagex.exe:*:Enabled:AVG Diagnostics 2013 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgemcx.exe" = C:\Program Files\AVG\AVG2013\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"I:\steami\Steam.exe" = I:\steami\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"I:\steami\SteamApps\common\FTL Faster Than Light\FTLGame.exe" = I:\steami\SteamApps\common\FTL Faster Than Light\FTLGame.exe:*:Enabled:FTL: Faster Than Light -- ()
"I:\steami\SteamApps\common\Frozen Synapse\FrozenSynapse.exe" = I:\steami\SteamApps\common\Frozen Synapse\FrozenSynapse.exe:*:Enabled:Frozen Synapse -- ()
"I:\steami\SteamApps\common\Command and Conquer 3 - Kane's Wrath\CNC3EP1.exe" = I:\steami\SteamApps\common\Command and Conquer 3 - Kane's Wrath\CNC3EP1.exe:*:Enabled:Command and Conquer 3: Kane's Wrath -- (Electronic Arts Inc.)
"I:\steami\SteamApps\common\Command and Conquer 3 - Kane's Wrath\Support\EA Help\Electronic_Arts_Technical_Support.htm" = I:\steami\SteamApps\common\Command and Conquer 3 - Kane's Wrath\Support\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:Command and Conquer 3: Kane's Wrath -- ()
"I:\steami\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe" = I:\steami\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe:*:Enabled:Borderlands 2 -- (Gearbox Software)
"I:\steami\SteamApps\common\Sonic CD\soniccd.exe" = I:\steami\SteamApps\common\Sonic CD\soniccd.exe:*:Enabled:Sonic CD -- ()
"I:\steami\SteamApps\common\Sonic CD\setup.exe" = I:\steami\SteamApps\common\Sonic CD\setup.exe:*:Enabled:Sonic CD -- ()
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent Inc.)
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"I:\steami\SteamApps\common\The Witcher Enhanced Edition\System\witcher.exe" = I:\steami\SteamApps\common\The Witcher Enhanced Edition\System\witcher.exe:*:Enabled:The Witcher: Enhanced Edition -- (CD Projekt Red)
"I:\steami\SteamApps\common\The Witcher Enhanced Edition\System\djinni!.exe" = I:\steami\SteamApps\common\The Witcher Enhanced Edition\System\djinni!.exe:*:Enabled:The Witcher: Enhanced Edition -- (CD Projekt Red)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{18D13E8A-7BD3-486F-847D-57FBE828F537}_is1" = Total Audio MP3 Converter v2.3 build 1037
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F1C4668-7767-4109-9B5E-19AD056F2CA0}" = MP3 Skype Recorder
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{241DBC8D-14E3-4240-8EE5-3AC35086B638}" = AVG 2013
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{277649C0-D8D5-3190-AFF3-D0F88A375B16}" = Microsoft .NET Framework 4 Extended FIN Language Pack
"{2A9767A4-577D-4806-A121-7F0010F6BC60}" = Latency Optimizer FREE VERSION
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2EFC4431-06B5-4099-B09C-56434EEB3017}" = escv
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C940b-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39930321-4C58-4B8B-BCBF-342698C9801D}" = Max Payne
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{47ED7365-8694-42EB-AEC5-28892C5E1D1B}" = Calibrated{Q} XD Decode
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E1CD3D5-D4EE-4246-AE24-F0FD5A60390D}" = OviMPlatform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{4FFD1AB4-54F0-4069-88D9-3A55B38F874B}" = Nokia Ovi Suite Software Updater
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}" = RGSS-RTP Standard
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{60DED9C2-22BF-47A3-B6C8-6B141BA31DFD}" = Ovi Desktop Sync Engine
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0 SP1
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{644F4910-E812-49AD-93EC-86828CB81A0D}" = PC Connectivity Solution
"{6530EB5E-F2BE-45D3-906B-E4AFFF2D1588}" = Windows Live -laitehallinta
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP:n valokuva- ja kuvankäsittelyohjelma 2.0 - All-in-One Ohjain
"{6F8CBBFB-7986-4140-91EC-D8C7F1EC8DF3}" = AVG 2013
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{780262B9-4578-3727-97D3-62DE7B9F5F82}" = Microsoft .NET Framework 4 Client Profile FIN Language Pack
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7C11154F-3539-4CB5-979D-EF7913473E53}" = Prince of Persia
"{7EBC6074-1B1B-40DE-9A83-14BEB7198837}" = SOME
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{866C4563-ED53-43F3-A29D-8BEE2BD1BA3C}" = Nokia PC Suite
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8C453F13-6877-4D34-8816-009ABDE306DB}" = Prince of Persia The Sands of Time
"{9011040B-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{932097A6-B697-46A6-B49B-14F922B501A0}" = USB Vibration GamePad
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{93FB47FB-4FDF-4131-B5FD-7A37883868E7}" = hp psc 2170 series
"{93FF055C-7E0B-4E26-AAFB-2C4333E2D7D0}" = Logitech Gaming Software
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP:n valokuva- ja kuvankäsittelyohjelma 2.0 - All-in-One
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B34CAC6-738F-4A20-B428-A115C3E3474C}" = RPGXP
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A4A14B15-F25D-44F8-8483-291C1DF7C548}_is1" = WAV MP3 Converter v4.4 build 1429
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A5E9A73E-8FC0-387D-9CCE-8BAA6B042872}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FIN
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4C0345-2E31-4D99-B4E6-7351975E06F6}" = Windows Liven asennustyökalu
"{AC76BA86-7AD7-1035-7B44-A91000000001}" = Adobe Reader 9.1.3 - Suomi
"{AC76BA86-7AD7-1035-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Suomi
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA-ohjauspaneeli 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiikkaohjain 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.53
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-järjestelmäohjelmisto 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA-päivitykset 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP-muistolevy
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
"{B7E2A724-2774-4AC2-9F0A-B58C7319B6E6}" = Sony Vegas Pro 8.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D86CEB96-6B1E-4214-ACEA-83EBEFCA1212}_is1" = OGG MP3 Converter v4.1 build 929
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}" = Nokia Ovi Suite
"{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}" = Prince of Persia T2T
"{E11274EB-B35F-4A35-BC5B-98823FFE7519}" = Windows Live Messenger
"{E369A040-E812-37B3-A5B9-311E5579FAC3}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fin
"{E8989391-9865-473A-A107-625266D6D4BD}" = The Spirit Engine 2
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F112F66E-25CA-42DD-983C-6118EB38F606}" = Microsoft Games for Windows - LIVE
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{FA66CFD7-0977-4C45-AACD-A8BB994B1A05}" = Quake Live Mozilla Plugin
"{FC97690A-90AD-3A67-BE73-50886A93CFF5}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FIN
"{FEA3BE8A-67DB-4834-A2A8-D25A9D7F426D}" = Windows Live Call
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Windowsin ohjainpaketti - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0)
"72A50F48CC5601190B9C4E74D81161693133E7F7" = Windowsin ohjainpaketti - Nokia Modem (02/25/2011 7.01.0.9)
"7-Zip" = 7-Zip 4.65
"A_Tale_of_Two_Kingdoms_1.0" = A Tale of Two Kingdoms 1.2
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ASIO4ALL" = ASIO4ALL
"AU11_is1" = Advanced Uninstaller PRO - Version 11
"AVG" = AVG 2013
"B3653D937631B8E5281810AC4F31D44CA33FBFAA" = Windowsin ohjainpaketti - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Best MIDI to MP3_is1" = Best MIDI to MP3 1.4.0
"Calibrated{Q} XD Decode 1.9.4" = Calibrated{Q} XD Decode
"camcodec" = CamStudio Lossless Codec
"Canon Advanced Printing Technology" = Canon CAPT -kirjoittimet
"CCleaner" = CCleaner
"cFosSpeed" = cFosSpeed v8.00
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"ControlMK" = ControlMK 0.232
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"Direct MIDI to MP3 Converter_is1" = Direct MIDI to MP3 Converter 3.0
"DivX Setup" = DivX Setup
"E0AC723A3DE3A04256288CADBBB011B112AED454" = Windowsin ohjainpaketti - Nokia Modem (02/25/2011 4.7)
"fdrawcmd" = Fdrawcmd.sys 1.0.1.10
"Free FLV to AVI Video Converter_is1" = Free FLV to AVI Video Converter v. 1.0
"HP PSC 2170 Series" = HP valokuva- ja kuvankäsittelyohjelma 2.0 - hp psc 2170 series
"HyperCam 3" = HyperCam 3
"ips XP_is1" = ips XP 1.11.2600
"IrfanView" = IrfanView (remove only)
"JAIELangPack" = Japanese Language Support
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.12.1
"Logitech Gaming Software" = Logitech Gaming Software 8.35
"LogMeIn Hamachi" = LogMeIn Hamachi
"Microsoft .NET Framework 3.5 Language Pack SP1 - fin" = Microsoft .NET Framework 3.5 SP1:n kielitukipaketti - FI
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile FIN Language Pack" = Microsoft .NET Framework 4 Client Profilen suomen kielipaketti
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended FIN Language Pack" = Microsoft .NET Framework 4 Extendedin suomen kielipaketti
"ModPlug Player v1.46_is1" = ModPlug Player
"Mozilla Firefox 19.0.2 (x86 fi)" = Mozilla Firefox 19.0.2 (x86 fi)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP3 Converter Simple" = MP3 Converter Simple
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyDefrag v4.3.1_is1" = MyDefrag v4.3.1
"Nokia Ovi Suite" = Nokia Ovi Suite
"Nokia PC Suite" = Nokia PC Suite
"OpenAL" = OpenAL
"Opera 12.02.1578" = Opera 12.02
"Panzer Corps_is1" = Panzer Corps version 1.0
"PoP1-Total Pack" = PoP1-Total Pack
"Product_Name" = Midi Maker
"Red Alert" = Red Alert Windows 95
"RPG Maker 2000 1.07b" = RPG Maker 2000 1.07b
"RPG Maker VX RTP_is1" = RPG Maker VX RTP
"RPGVXAce_RTP_is1" = RPG MAKER VX Ace RTP
"RTP for RM2K (Png, Wav, Midi, Fonts)" = RTP for RM2K (Png, Wav, Midi, Fonts)
"Samsung CLX-3170 Series" = Samsung CLX-3170 Series
"save2pc Pro Demo_is1" = save2pc Pro Demo 3.61
"SCHTHACK PSOBB" = SCHTHACK PSOBB
"SmarThru PC Fax" = SmarThru PC Fax
"Steam App 200940" = Sonic CD
"Steam App 20900" = The Witcher: Enhanced Edition
"Steam App 212680" = FTL: Faster Than Light
"Steam App 24810" = Command and Conquer 3: Kane's Wrath
"Steam App 440" = Team Fortress 2
"Steam App 49520" = Borderlands 2
"Steam App 98200" = Frozen Synapse
"The Ur-Quan Masters" = The Ur-Quan Masters 0.7.0
"The Ur-Quan Masters project6014" = The Ur-Quan Masters project6014 0.2.1
"Total WAV Converter_is1" = TotalWAVConverter
"uTorrent" = µTorrent
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Liven asennustyökalu
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.2.5
"Virtual Audio Cable 4.10" = Virtual Audio Cable 4.10
"VLC media player" = VLC media player 0.9.9
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WOLAPI" = Westwood Shared Internet Components
"VTFEdit_is1" = VTFEdit 1.3.1
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"ZMBV" = Zip Motion Block Video codec (Remove Only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-746137067-287218729-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
"Warcraft III" = Warcraft III: All Products
"WinImage" = WinImage

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 23.3.2013 9:55:38 | Computer Name = NUORTIMO | Source = crypt32 | ID = 131080
Description = Kolmannen osapuolen pääluettelojärjestyksen noutamista kohteesta <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ei voi päivittää automaattisesti. Virhe: Verkkoyhteyttä ei ole.

Error - 23.3.2013 9:56:13 | Computer Name = NUORTIMO | Source = crypt32 | ID = 131080
Description = Kolmannen osapuolen pääluettelojärjestyksen noutamista kohteesta <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ei voi päivittää automaattisesti. Virhe: Verkkoyhteyttä ei ole.

Error - 23.3.2013 9:56:13 | Computer Name = NUORTIMO | Source = crypt32 | ID = 131080
Description = Kolmannen osapuolen pääluettelojärjestyksen noutamista kohteesta <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ei voi päivittää automaattisesti. Virhe: Verkkoyhteyttä ei ole.

Error - 23.3.2013 9:56:13 | Computer Name = NUORTIMO | Source = crypt32 | ID = 131080
Description = Kolmannen osapuolen pääluettelojärjestyksen noutamista kohteesta <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ei voi päivittää automaattisesti. Virhe: Verkkoyhteyttä ei ole.

Error - 23.3.2013 10:40:39 | Computer Name = NUORTIMO | Source = WmiAdapter | ID = 4099
Description = Palvelun avaaminen ei onnistunut.

Error - 24.3.2013 5:24:49 | Computer Name = NUORTIMO | Source = WmiAdapter | ID = 4099
Description = Palvelun avaaminen ei onnistunut.

Error - 24.3.2013 16:05:04 | Computer Name = NUORTIMO | Source = WmiAdapter | ID = 4099
Description = Palvelun avaaminen ei onnistunut.

Error - 25.3.2013 5:09:05 | Computer Name = NUORTIMO | Source = WmiAdapter | ID = 4099
Description = Palvelun avaaminen ei onnistunut.

Error - 27.3.2013 11:05:43 | Computer Name = NUORTIMO | Source = WindowsLiveMessenger | ID = 15728647
Description =

Error - 27.3.2013 15:35:12 | Computer Name = NUORTIMO | Source = WmiAdapter | ID = 4099
Description = Palvelun avaaminen ei onnistunut.

[ System Events ]
Error - 27.3.2013 15:35:12 | Computer Name = NUORTIMO | Source = Service Control Manager | ID = 7009
Description = Aikakatkaisu (30000 ms) odottaa palvelun WMI resurssisovitin yhdistymistä.

Error - 27.3.2013 15:35:12 | Computer Name = NUORTIMO | Source = Service Control Manager | ID = 7000
Description = Palvelua WMI resurssisovitin ei voi käynnistää. Virhekoodi on %%1053

Error - 27.3.2013 15:36:18 | Computer Name = NUORTIMO | Source = Service Control Manager | ID = 7009
Description = Aikakatkaisu (30000 ms) odottaa palvelun Sovelluskerroksen yhdyskäytäväpalvelu
yhdistymistä.

Error - 27.3.2013 15:37:08 | Computer Name = NUORTIMO | Source = Service Control Manager | ID = 7000
Description = Palvelua Sovelluskerroksen yhdyskäytäväpalvelu ei voi käynnistää.
Virhekoodi on %%1053

Error - 28.3.2013 5:07:54 | Computer Name = NUORTIMO | Source = Service Control Manager | ID = 7006
Description = Kutsu ScRegSetValueExW epäonnistui: FailureActions. Virhe: %%5

Error - 28.3.2013 5:07:54 | Computer Name = NUORTIMO | Source = Service Control Manager | ID = 7009
Description = Aikakatkaisu (30000 ms) odottaa palvelun Bonjour-palvelu yhdistymistä.

Error - 28.3.2013 5:07:54 | Computer Name = NUORTIMO | Source = Service Control Manager | ID = 7000
Description = Palvelua Bonjour-palvelu ei voi käynnistää. Virhekoodi on %%1053

Error - 28.3.2013 5:07:55 | Computer Name = NUORTIMO | Source = Service Control Manager | ID = 7006
Description = Kutsu ScRegSetValueExW epäonnistui: FailureActions. Virhe: %%5

Error - 28.3.2013 5:07:55 | Computer Name = NUORTIMO | Source = Service Control Manager | ID = 7000
Description = Palvelua SSPORT ei voi käynnistää. Virhekoodi on %%2

Error - 28.3.2013 5:09:54 | Computer Name = NUORTIMO | Source = Service Control Manager | ID = 7022
Description = Palvelu AVGIDSAgent lukkiutui käynnistyksessä.


< End of report >
__________________
Veke is offline  
Old 03-28-2013, 04:49 AM   #16
Security Team
Analyst
 
jeffce's Avatar

Microsoft Most Valuable Professional
 
Join Date: Feb 2011
Location: USA
Posts: 2,322
OS: Vista and Ubuntu



Thanks...while I am looking the OTL logs over could you do the following:

Download CKScanner by askey127 from Here & save it to your Desktop.
  • Right-click and Run as Administrator CKScanner.exe then click Search For Files
  • When the cursor hourglass disappears, click Save List To File
  • A message box will verify the file saved
  • Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply
----------
__________________



Microsoft MVP - Consumer Security 2014
Topics are closed if you do not respond within 3 days.
If I am working with you and have not responded in a couple of days please PM me.
jeffce is offline  
Old 03-28-2013, 06:24 AM   #17
Registered Member
 
Join Date: Sep 2008
Posts: 26
OS: Windows XP Service Pack 3



CKScanner 2.1 - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11.MFEMGA
----- EOF -----
__________________
Veke is offline  
Old 03-28-2013, 08:07 AM   #18
Security Team
Analyst
 
jeffce's Avatar

Microsoft Most Valuable Professional
 
Join Date: Feb 2011
Location: USA
Posts: 2,322
OS: Vista and Ubuntu



Please go to: VirusTotal
On the page you'll find a "Choose File" button.
Click on the Choose File button.
In the Choose File to Upload window which opens, copy and paste this into the File Name box.

C:\WINDOWS\System32\drivers\AFS2K.SYS

Next, click the Open button.
Then click the "Scan It!" button just below.
This will scan the file. Please be patient.
If you get a message saying File has already been analyzed: click Reanalyze file now
Once scanned, copy and paste the link to the results page in your next reply.
----------
__________________



Microsoft MVP - Consumer Security 2014
Topics are closed if you do not respond within 3 days.
If I am working with you and have not responded in a couple of days please PM me.
jeffce is offline  
Old 03-28-2013, 08:54 AM   #19
Registered Member
 
Join Date: Sep 2008
Posts: 26
OS: Windows XP Service Pack 3



Here is the link. https://www.virustotal.com/fi/file/e...is/1364485925/
__________________
Veke is offline  
Old 03-28-2013, 10:39 AM   #20
Security Team
Analyst
 
jeffce's Avatar

Microsoft Most Valuable Professional
 
Join Date: Feb 2011
Location: USA
Posts: 2,322
OS: Vista and Ubuntu



  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :file
    C:\WINDOWS\System32\drivers\AFS2K.SYS
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

__________________



Microsoft MVP - Consumer Security 2014
Topics are closed if you do not respond within 3 days.
If I am working with you and have not responded in a couple of days please PM me.
jeffce is offline  
 

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Similar Threads
Thread Thread Starter Forum Replies Last Post
BSOD after few minutes of gaming
Hello, and thanks in advance for taking the time to help. First off, I couldn't find a thread with specific instructions on who to acquire all the specific log files for Windows XP - it seems the stickies only pertain to Windows 7 / Vista. If someone could point me in the right direction, I'll...
Deamon615 BSOD, App Crashes And Hangs 37 11-04-2012 02:18 PM
Google: opening new tab jumps search page to top
In Google, I search, results come up, I middle click to open link in new tab. I have "Always show tab bar" turned OFF, so it only shows once there are at least two tabs in the window. Starting about 2 months ago give or take, when the tab bar appears (going from one tab hidden to two tabs after...
NotSoGeeky Mozilla/Firefox Browsers 2 01-23-2012 04:13 AM
[SOLVED] Slow Windows XP Splash Screen
My problem is that in the middle of having some virus problems, my computer suddenly started booting significantly slower. It never took very long to boot before, like 10 seconds, but now it takes over a minute on the splash screen. I've already been through the Virus/Trojan/Spyware Help forum's...
aphtershox Windows XP Support 50 09-05-2011 05:00 PM
Really slow computer and random freezes. Please help
Hey i know you get this question a lot but this is a work computer that i can hopefully fix without doing a restore. It is running Vista and here is some information for it. If you need anymore please let me know. Thanks, Kane Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 1:30:17 PM,...
owen_kane Windows 7 Support, Windows Vista Support 8 02-28-2011 03:47 AM
[SOLVED] firefox running too slow
hi from a few days ago now i have been having issues with firefox running to slow. every time i go away from the computer the screen save comes on. when i move the mouse or touch a key the screen save would go away straight away but now firefox just freezes and starts runnig too slow so i...
pezzer Mozilla/Firefox Browsers 11 02-23-2011 02:00 AM

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2


All times are GMT -7. The time now is 01:09 PM.


Copyright 2001 - 2014, Tech Support Forum

Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts